U.S. spy agencies ... email for cybersecurity

William Allen Simpson william.allen.simpson at gmail.com
Tue Jul 10 01:46:51 UTC 2012


Somebody needs to give them a clue-by-four.  The private sector
already has the "Internet address where an email ... originated";
it's already in the Received lines.  We don't need to be informed
about it, we already inform each other about it.

And it's already delivered "at network speed."

It is my understanding the Dept of Homeland Security already
cooperates in sharing government intrusion information.  We certainly
don't need a "U.S. spy agency" MITM to "protect the private sector."

Moreover, the US is the source of most spam and malware, so the NSA
isn't really going to be much help.  And the US is the source of the
only known cyber attacks on other country's infrastructure, so it's
not likely much help there, either.  Unless they expect retaliation?

===

http://in.reuters.com/article/2012/07/10/net-us-usa-security-cyber-idINBRE86901620120710

U.S. spy agencies say won't read Americans' email for cybersecurity
8:48pm EDT

By Tabassum Zakaria and David Alexander

WASHINGTON (Reuters) - The head of the U.S. spy agency that eavesdrops on
electronic communications overseas sought on Monday to reassure Americans
that the National Security Agency would not read their personal email if
a new cybersecurity law was enacted to allow private companies to share
information with the government.
...

But to help protect the private sector, he said it was important that the
intelligence agency be able to inform them about the type of malicious
software and other cyber intrusions it is seeing and hear from companies
about what they see breaching the protective measures on their computer
networks.

"It doesn't require the government to read their mail or your mail to do
that. It requires them, the Internet service provider or that company, to
tell us that that type of event is going on at this time. And it has to be
at network speed if you're going to stop it," Alexander said.

He said the information the government was seeking was the Internet
address where an email containing malicious software originated and
where it traveled to, not the content of the email.
...

But the U.S. government is also concerned about the possibility of a cyber
attack from adversaries on critical infrastructure such as the power grid or
transportation systems.




More information about the NANOG mailing list