U.S. spy agencies ... email for cybersecurity

Christopher Morrow morrowc.lists at gmail.com
Tue Jul 10 14:33:43 UTC 2012

On Tue, Jul 10, 2012 at 3:32 AM, shawn wilson <ag4ve.us at gmail.com> wrote:
> On Mon, Jul 9, 2012 at 11:22 PM, Christopher Morrow
> <morrowc.lists at gmail.com> wrote:
>>> But to help protect the private sector, he said it was important that the
>>> intelligence agency be able to inform them about the type of malicious
>> translated: "Hey, what if we could tell our private sector partners
>> (Lockheed-Martin, for instance) that they should be on the lookout for
>> things like X, or traffic destined to Y, or people sending all their
>> DNS queries to these 5 netblocks." (dcwg.org sorta crap)
> or, let's take a real example - rsa gets compromised and a third of the
> authentication tons (most?) of government agencies were using is all
> of a sudden vulnerable (possibly more than that if you consider that
> rsa could've lost classified technology). rsa has to realize the
> threat and can take their time to disclose what they want to disclose.

sure, this isn't really in line with the idea I was getting at, except
that: "Hey, PRC located ips really might be using token-auth to login
to your systems, w00t!"

> i think if i were in the power to fix that, i would *try* :) ie, i
> highly doubt a massively scaled system has a chance at detecting most
> apt.

it might not, but discounting/dealing with all the cruft that today
takes up your ops-folks' time easily/mechanically surely frees them up
to focus on the things that they REALLY need to pay attention to...
Essentially, filter out the garbage, focus on the actual threats to
your business. The shared data pool COULD do that.

> also, i don't really like the idea that someone might be monitoring my
> activities (who watches the watchers). however, if i were in the

if you work for a corporation (in the US at least) ... the corporation
already has been monitoring your activities, you signed (in almost all
cases) a paper acknowledging that fact, w00t!

> position of acquiring data about threats, i think i'd try to suck in
> as much data as i had the processing power to manage.

exactly... and if done right, the 'service in the cloud' (or whatever)
that aggregates, can do some bunches of that processing for you.

