Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
United States

Senate Confirms Chris Inglis as Biden's Top Cyber Adviser (politico.com) 50

The Senate on Thursday confirmed Chris Inglis to be President Joe Biden's national cyber director, installing the former NSA deputy director as Biden's top cyber adviser at a time when many lawmakers are pressing the White House for a muscular response to a series of high-profile hacks. From a report: As head of the new Office of the National Cyber Director inside the White House, Inglis will coordinate federal agencies' disparate work on cyber issues and oversee the development of the U.S.' digital defense strategy. The Senate confirmed Inglis on a voice vote one day after the Homeland Security Committee unanimously approved his nomination.

The recent ransomware attacks on Colonial Pipeline and the meat processing giant JBS, both attributed to Russian cybercrime gangs, as well as the SolarWinds espionage campaign that intelligence agencies linked to Moscow, thrust cybersecurity into the spotlight on Capitol Hill and prompted renewed scrutiny of the challenges facing the federal government, including its limited understanding of attacks on private companies.

This discussion has been archived. No new comments can be posted.

Senate Confirms Chris Inglis as Biden's Top Cyber Adviser

Comments Filter:
  • I suggest cruise missiles.

    • I suggest quality software and firmware, and real accountability for those who deliver crap-ware. We have seen the results when Boeing outsourced MCAS for instance. And it would also give a legitimate way, non tariff way of keeping Chinese stuff out of the value added arena. A three year durability window to support products would also help core skills in the US. Responsibility might take the form of right to repair, and zero protections on abandoned and unsecured ,non up-gradable products and firmware. T
      • by DarkOx ( 621550 )

        Congratulations you have just destroy the FOSS movement entirely! Nobody and I really mean nobody will put out free software if it exposes them to unknown liability!

        Hell would you even post on stack overflow if an incorrect snippet there could expose you to civil let alone criminal damages?

        • Seems pretty obvious to me he's talking about VENDORS and requiring support and accountability from companies selling software.

          • by DarkOx ( 621550 )

            Seems to me that is distinction without a difference. It means in practice OSS is basically off the table for use in any commercial project / product then. It would for example be more costly to audit something like Apache than it would be to write your own scaled down task specific implementation. So in practice nobody could justify using Apache, to host anything of value. The first thing an Umbrella Insurer or Cyber insurer would ask is are you running vendor backed software?

            Companies like RedHat basicall

        • That and programmers are already working in a relatively high-stress job. Throw in "Oh yeah if we find any bugs in your code we'll throw you in jail" and yeah fuck that I'd rather sweep floors than drive myself insane.

          There's a reason "good faith" is used a lot in courts.

  • NSA leadership should not be permitted anywhere near federal policy decisions or leadership on USA cybersecurity. The NSA is not about improving USA's security. They're about violating it, as demonstrated by their illegal and unconstitutional monitoring of domestic communications, and demonstrated by the backdoors they've been caught insisting on for Cisco and other network hardware vendors. Even when they "collaborate" with civilians to enhance security, as they tried with the "Clipper Chip", their insiste

    • Re: (Score:1, Funny)

      by Anonymous Coward

      Agreed. Biden should fire existing leaders and install various family members as the heads of all government departments.

      • by DarkOx ( 621550 )

        Actually YES! That would be more democratic!

        Certainly better than the current system where as we saw over the course of the last five years the administrative state is so large and so entrenched who the actual executive is almost moot. Elections should have consequences! Consequences beyond palace intrigue where the elected official struggles to overcome the obstruction of disloyal bureaucrats anyway!

        The concept of Civil Service is antithetical to true democratic representation! We should have a pure spoils

        • "We should have a pure spoils system, where pretty much any government worker with decision making authority is expected to get a pink slip, to the degree they don't even ask and just assume they should not bother coming in January 21st."

          So the entire military above Private, most of the Post Office, nearly all of the VA, all of the FBI/NSA/CIA, most of the CDC, FDA, DOD, etc.? You want all those people gone in a single day and replaced by political cronies?

    • 'Voice vote' i.e. nobody was willing to oppose a blatant placement by the deep state into the White House. Funny that...

    • by DarkOx ( 621550 )

      The same can be said about the FBI and DOJ for the most part.

    • They're about violating it, as demonstrated by their illegal and unconstitutional monitoring of domestic communications, and demonstrated by the backdoors they've been caught insisting on for Cisco and other network hardware vendors.

      And at least as importantly, the exploits they are exploiting instead of reporting.

      Even when they "collaborate" with civilians to enhance security, as they tried with the "Clipper Chip"

      The clipper chip was a deliberate attempt to reduce security, period.

      • > The clipper chip was a deliberate attempt to reduce security, period.

        It was an attempt to reach a compromise with the need for security. It was deliberately compromised, an unintentional irony.

    • The NSA is not about improving USA's security.

      Actually it is [wikipedia.org], and that's part of the problem.

      They're caught between twin duties of both espionage on foreign agents and powers and protecting the technical infrastructure of the US (computers, communications, etc) from the same by foreign nations. Preforming the latter implies weakening the former. e.g. zero-day exploits, etc.The thing that kind of broke the mold was 9/11 and the Patriot Act. [wikipedia.org]

  • by Futurepower(R) ( 558542 ) on Friday June 18, 2021 @12:40AM (#61498240) Homepage
    We need in-depth reporting about what computer system equipment has been open to cyber attacks, and why.

    President Biden seems to me to be better than any other president in the last 60 years. However, he often communicates in a sloppy and insufficient manner. President Biden gave the names of agencies the Russian hackers should not hack! There should be NO hacking. See this article:

    Biden tells Putin certain cyberattacks should be 'off-limits' [reuters.com]

    Helpful article: Scope of Russian Hacking Becomes Clear: Multiple U.S. Agencies Were Hit [nytimes.com]

    Quote from that article:

    "About 18,000 private and government users downloaded a Russian tainted software update — a Trojan horse of sorts — that gave its hackers a foothold into victims’ systems, according to SolarWinds, the company whose software was compromised."

    Should 18,000 private and government users be educated about computer use? How did the software become "tainted"? How do we know that it was Russians who did the damage? Could hackers in other countries arrange to go through Russia?

    A huge problem is that few people have technical knowledge.

    People have been using their own computers to work from home!! Not company computers. A news story said that home computers used to work remotely are often also used by children.
    • The Solarwinds hack seems not to have been used for ransomware or sabotage. The costs to remediate are huge, but ultimately it's the kind of hack the NSA would do too ... I doubt it's what Biden meant with off limits.

    • by DarkOx ( 621550 )

      Cool I'll put some sticky labels on valuable property in my unlocked car, I think criminals should not steal!

      Wait no, my hypothesis is the outcome will be rather poor, tell you what lets try it with your stuff and your car. Threatening escalation for attacking certain targets is one thing. Its no different than saying if you move troops over this border we will counter attack. However its useless unless the threat is credible. I don't think the threat is credible at this point. We have let so many serious

      • dont threaten, just do it stealthily, and make a clean escape, that way they dont know what hit em, and when the news finally breaks it scares the shit out of others that ply the same trade making them reconsider what they do
        • by DarkOx ( 621550 )

          Only if the believe what happened to them was some kind of reprisal. Otherwise why would unilaterally disarm and stop cyber espionage - after all you have just experienced first hand what an effective tool it is and you would not have any real reason to think ceasing engagement affords you any protection.

    • "President Biden seems to me to be better than any other president in the last 60 years."
      Are you being sarcastic? It's not clear. The rest of your post clearly indicates he's an ineffective moron.

  • to cyber criminals, like all these ransomware attacks, if the gov can pinpoint where and who is doing it then send some assassins after them and just kill em, sneak in and out and nobody knows it happened until they smell the dead bodies, leave a calling card for others to see and fear least the same fate happens to them, because you know the Russian gov wont do anything about it and maybe they might even be the ones behind the whole thing
    • by gtall ( 79522 )

      And as soon as the U.S. got caught authorizing any hit in a country that counts, there would be hell to pay. Stop watching TV, bad for you.

      • i think you're the one that watches too much TV, stuff like that does happen in the real world on occasion, and the calling card could be ambiguous enough to not point the finger at any particular government/military/nation, just enough to let them know somebody is smart enough to be watching and capable of doing something about it,
  • If the US was serious about cyber security they would put defense (i.e. protecting computer systems from attack by the bad guys, working to ensure vulnerabilities get fixed and pushing for stronger and more secure software and encryption) ahead of offense (i.e. holding onto vulnerabilities to use against others, pushing for weaker encryption and taking advantage of flaws to spy on people)

    • That's also what game theory prescribes. In game theory you achieve victory by denying your opponents the opportunity to score before trying to maximize your own score. Though Von Neumann was ultimately a warmonger that always thought the US should have gone for a nuclear first strike against the USSR.

    • by gtall ( 79522 )

      Naughty naughty! The R's in Congress would scream bloody murder that the Fed. Gov. is reaching that far into the private sector. The D's in Congress would decorate any bill authorizing such with some green initiatives.

    • by mjwx ( 966435 )

      If the US was serious about cyber security they would put defense (i.e. protecting computer systems from attack by the bad guys, working to ensure vulnerabilities get fixed and pushing for stronger and more secure software and encryption) ahead of offense (i.e. holding onto vulnerabilities to use against others, pushing for weaker encryption and taking advantage of flaws to spy on people)

      And at the end of the day, your systems are still compromised whilst you the attackers just reset and start over again.

      You're advising proposing whack-a-mole with anonymous parties in non-extradition treaty countries that are often working through innocent proxies (compromised machines). Going on the attack is going to sweet fuck all and you'll end up exactly where you whilst wasting millions.

  • by DivineKnight ( 3763507 ) on Friday June 18, 2021 @02:51AM (#61498306)

    Let's be honest, writing secure software is hard. And costly. And at the end of the day, you can never really say that your software is secure, only that you've done all you could to try and eliminate some of the known edge cases.

    It has been decades, and we are still finding flaws in the Linux kernel, and that is some of the most peer-reviewed code out there. Which to say nothing of the Windows kernel...

    If your code has a bug, someone can find a way to turn that bug into the next zero-day; to date, there has only been one secure program that has ever been written, and it is our friend "Hello World." And even then, we can't be completely sure...

    • by gtall ( 79522 )

      It isn't just "bugs", it is that the systems are complicated enough that bits and pieces can be co-opted to work together to create a security issue. No amount of cleaning up bugs is going to fix this problem.

    • There are only a few conditions that need to be met for software to be totally secure:

      1) It can have no inputs
      2) It can have no outputs
      3) It can use no memory

      Do these three things and your software can never be hacked.

    • there has only been one secure program that has ever been written, and it is our friend "Hello World.".

      Have you seen the {insert personal choice of unloved language with big framework here} implementation of that?

    • by jmccue ( 834797 )

      True, but in the "real world" there is one big thing no one mentioned.

      If you want to be secure:

      -- Do not put these critical systems on the internet at all. This will mean hiring more people and a good wage, which as you know Companies never do.

      And for desktops:

      1. Use nothing like plain txt email and chat software. Do not use any cloud based email.

      2. All attachments are downloaded to a container or chroot or jailed environment. People are forced to use that "container" to open that attachment and have som

    • And then we have this [youtube.com] video from yesterday titled "Software That Never Fails and Can’t Be Hacked" so apparently someone believes software can be secure.

  • "...many lawmakers are pressing the White House for a muscular response to a series of high-profile hacks."

    Last time I looked, muscles don't have brains. They'd probably do better hiring a few guys from one of the ransomware gangs.

    • by gtall ( 79522 )

      I doubt that would help, guys in the ransomware gangs are crooks by nature. They'll simply take the government money and keep their side gigs.

      • "...ransomware gangs are crooks by nature."

        NSA guys aren't?

        Sorry...that was low-hanging fruit. I couldn't resist. (I don't think I'm entirely wrong, either).

  • Cyber BS ..

To be awake is to be alive. -- Henry David Thoreau, in "Walden"

Working...