Senate Confirms Chris Inglis as Biden's Top Cyber Adviser (politico.com)
The Senate on Thursday confirmed Chris Inglis to be President Joe Biden's national cyber director, installing the former NSA deputy director as Biden's top cyber adviser at a time when many lawmakers are pressing the White House for a muscular response to a series of high-profile hacks. From a report: As head of the new Office of the National Cyber Director inside the White House, Inglis will coordinate federal agencies' disparate work on cyber issues and oversee the development of the U.S.' digital defense strategy. The Senate confirmed Inglis on a voice vote one day after the Homeland Security Committee unanimously approved his nomination.
The recent ransomware attacks on Colonial Pipeline and the meat processing giant JBS, both attributed to Russian cybercrime gangs, as well as the SolarWinds espionage campaign that intelligence agencies linked to Moscow, thrust cybersecurity into the spotlight on Capitol Hill and prompted renewed scrutiny of the challenges facing the federal government, including its limited understanding of attacks on private companies.
Re: Biden just asked Putin not to hack, pretty ple (Score:2)
He should let know that if crippling attacks on economic targets aren't handled (ie. find and jail the people responsible) they'd get their economy and infrastructure fucked too.
No cyber-warfare allowed against new presidents! (Score:2)
He should let know that if crippling attacks on economic targets aren't handled (ie. find and jail the people responsible) they'd get their economy and infrastructure fucked too.
When you propagate the troll's Subject you effectively propagate the troll's slant on the discussion. And I see you still got hit by trolls with censor mod points (so I have to quote your original). It's almost like some of Putin's goons have been assigned to "work" Slashdot. (If so, I'm sure it's just for training. Few actual movers and shakers here these years (and even fewer "influencers").)
The angle of the story that interests me is why it took until June for the Senate to get around to confirming Ingli
Re: (Score:3, Insightful)
No, he made it clear that if infrastructure gets hit again Russia et al should expect a response that hits harder than the usual attempts to get criminals extradited. In the meantime, they've heard us; a bunch of Ukrainian ransomware hackers were just rounded up and arrested.
Putin actually respects Biden, and knows Biden will hold him to account, something he didn't Biden's predecessor. But it's funny how Biden's right wing critics think somehow "Soft on Russia" is a legitimate criticism of Biden when n
Re: (Score:3)
Gwd you are so dumb it's almost painful, AC.
Biden hands Putin major strategic victories like increasing EU energy dependence on Russia, and you think by punishing some petty criminals as a purely diplomatic gesture after meeting is some kind of victory!
Hint: Putin never cared a lick about the various cyber crime groups that did stupid shit like ransomware some meat packers, and DOMESTIC pipeline operators during otherwise quiet times. He enjoyed needling us, and the opportunity to assess the ability of US Gov
"digital defense strategy" (Score:2, Funny)
I suggest cruise missiles.
Quality Software and Firmware (Score:3, Insightful)
Re: (Score:2)
Congratulations, you have just destroyed the FOSS movement entirely! Nobody, and I really mean nobody, will put out free software if it exposes them to unknown liability!
Hell would you even post on stack overflow if an incorrect snippet there could expose you to civil let alone criminal damages?
Re: (Score:2)
Seems pretty obvious to me he's talking about VENDORS and requiring support and accountability from companies selling software.
Re: (Score:2)
Seems to me that is a distinction without a difference. It means in practice OSS is basically off the table for use in any commercial project / product then. It would for example be more costly to audit something like Apache than it would be to write your own scaled down task specific implementation. So in practice nobody could justify using Apache, to host anything of value. The first thing an Umbrella Insurer or Cyber insurer would ask is are you running vendor backed software?
Companies like RedHat basicall
Re: (Score:2)
That and programmers are already working in a relatively high-stress job. Throw in "Oh yeah if we find any bugs in your code we'll throw you in jail" and yeah fuck that I'd rather sweep floors than drive myself insane.
There's a reason "good faith" is used a lot in courts.
NSA deputy director for security? (Score:2)
NSA leadership should not be permitted anywhere near federal policy decisions or leadership on USA cybersecurity. The NSA is not about improving USA's security. They're about violating it, as demonstrated by their illegal and unconstitutional monitoring of domestic communications, and demonstrated by the backdoors they've been caught insisting on for Cisco and other network hardware vendors. Even when they "collaborate" with civilians to enhance security, as they tried with the "Clipper Chip", their insiste
Re: (Score:1, Funny)
Agreed. Biden should fire existing leaders and install various family members as the heads of all government departments.
Re: (Score:2)
Actually YES! That would be more democratic!
Certainly better than the current system where as we saw over the course of the last five years the administrative state is so large and so entrenched who the actual executive is almost moot. Elections should have consequences! Consequences beyond palace intrigue where the elected official struggles to overcome the obstruction of disloyal bureaucrats anyway!
The concept of Civil Service is antithetical to true democratic representation! We should have a pure spoils
Re: (Score:2)
"We should have a pure spoils system, where pretty much any government worker with decision making authority is expected to get a pink slip, to the degree they don't even ask and just assume they should not bother coming in January 21st."
So the entire military above Private, most of the Post Office, nearly all of the VA, all of the FBI/NSA/CIA, most of the CDC, FDA, DOD, etc.? You want all those people gone in a single day and replaced by political cronies?
Re: (Score:2)
'Voice vote' i.e. nobody was willing to oppose a blatant placement by the deep state into the White House. Funny that...
Re: (Score:2)
The same can be said about the FBI and DOJ for the most part.
Re: (Score:2)
They're about violating it, as demonstrated by their illegal and unconstitutional monitoring of domestic communications, and demonstrated by the backdoors they've been caught insisting on for Cisco and other network hardware vendors.
And at least as importantly, the exploits they are exploiting instead of reporting.
Even when they "collaborate" with civilians to enhance security, as they tried with the "Clipper Chip"
The clipper chip was a deliberate attempt to reduce security, period.
Re: (Score:2)
> The clipper chip was a deliberate attempt to reduce security, period.
It was an attempt to reach a compromise with the need for security. It was deliberately compromised, an unintentional irony.
Re: (Score:2)
The NSA is not about improving USA's security.
Actually it is [wikipedia.org], and that's part of the problem.
They're caught between twin duties of both espionage on foreign agents and powers and protecting the technical infrastructure of the US (computers, communications, etc) from the same by foreign nations. Performing the latter implies weakening the former. e.g. zero-day exploits, etc. The thing that kind of broke the mold was 9/11 and the Patriot Act. [wikipedia.org]
We need in-depth reporting of cyber attacks. (Score:4, Interesting)
President Biden seems to me to be better than any other president in the last 60 years. However, he often communicates in a sloppy and insufficient manner. President Biden gave the names of agencies the Russian hackers should not hack! There should be NO hacking. See this article:
Biden tells Putin certain cyberattacks should be 'off-limits' [reuters.com]
Helpful article: Scope of Russian Hacking Becomes Clear: Multiple U.S. Agencies Were Hit [nytimes.com]
Quote from that article:
"About 18,000 private and government users downloaded a Russian tainted software update — a Trojan horse of sorts — that gave its hackers a foothold into victims’ systems, according to SolarWinds, the company whose software was compromised."
Should 18,000 private and government users be educated about computer use? How did the software become "tainted"? How do we know that it was Russians who did the damage? Could hackers in other countries arrange to go through Russia?
A huge problem is that few people have technical knowledge.
People have been using their own computers to work from home!! Not company computers. A news story said that home computers used to work remotely are often also used by children.
Re: We need in-depth reporting of cyber attacks. (Score:2)
The Solarwinds hack seems not to have been used for ransomware or sabotage. The costs to remediate are huge, but ultimately it's the kind of hack the NSA would do too ... I doubt it's what Biden meant with off limits.
Re: (Score:2)
Cool I'll put some sticky labels on valuable property in my unlocked car, I think criminals should not steal!
Wait no, my hypothesis is the outcome will be rather poor, tell you what let's try it with your stuff and your car. Threatening escalation for attacking certain targets is one thing. It's no different than saying if you move troops over this border we will counter attack. However it's useless unless the threat is credible. I don't think the threat is credible at this point. We have let so many serious
Re: (Score:2)
Only if they believe what happened to them was some kind of reprisal. Otherwise why would you unilaterally disarm and stop cyber espionage - after all you have just experienced first hand what an effective tool it is and you would not have any real reason to think ceasing engagement affords you any protection.
Re: (Score:1)
"President Biden seems to me to be better than any other president in the last 60 years."
Are you being sarcastic? It's not clear. The rest of your post clearly indicates he's an ineffective moron.
The other presidents also made HUGE mistakes. (Score:2)
Our greatest presidents made great mistakes [chicagotribune.com]. (Feb. 13, 2015)
i would do a multi pronged approach (Score:2, Troll)
Re: (Score:2)
And as soon as the U.S. got caught authorizing any hit in a country that counts, there would be hell to pay. Stop watching TV, bad for you.
US needs to do the opposite of what they do now... (Score:2, Insightful)
If the US was serious about cyber security they would put defense (i.e. protecting computer systems from attack by the bad guys, working to ensure vulnerabilities get fixed and pushing for stronger and more secure software and encryption) ahead of offense (i.e. holding onto vulnerabilities to use against others, pushing for weaker encryption and taking advantage of flaws to spy on people)
Re: US needs to do the opposite of what they do no (Score:2)
Agreed.
Re: (Score:3)
That's also what game theory prescribes. In game theory you achieve victory by denying your opponents the opportunity to score before trying to maximize your own score. Though Von Neumann was ultimately a warmonger that always thought the US should have gone for a nuclear first strike against the USSR.
Re: (Score:2)
Naughty naughty! The R's in Congress would scream bloody murder that the Fed. Gov. is reaching that far into the private sector. The D's in Congress would decorate any bill authorizing such with some green initiatives.
Re: (Score:2)
If the US was serious about cyber security they would put defense (i.e. protecting computer systems from attack by the bad guys, working to ensure vulnerabilities get fixed and pushing for stronger and more secure software and encryption) ahead of offense (i.e. holding onto vulnerabilities to use against others, pushing for weaker encryption and taking advantage of flaws to spy on people)
And at the end of the day, your systems are still compromised whilst you the attackers just reset and start over again.
You're advising proposing whack-a-mole with anonymous parties in non-extradition treaty countries that are often working through innocent proxies (compromised machines). Going on the attack is going to sweet fuck all and you'll end up exactly where you whilst wasting millions.
Secure software will never happen (Score:5, Insightful)
Let's be honest, writing secure software is hard. And costly. And at the end of the day, you can never really say that your software is secure, only that you've done all you could to try and eliminate some of the known edge cases.
It has been decades, and we are still finding flaws in the Linux kernel, and that is some of the most peer-reviewed code out there. Which is to say nothing of the Windows kernel...
If your code has a bug, someone can find a way to turn that bug into the next zero-day; to date, there has only been one secure program that has ever been written, and it is our friend "Hello World." And even then, we can't be completely sure...
Re: (Score:2)
It isn't just "bugs", it is that the systems are complicated enough that bits and pieces can be co-opted to work together to create a security issue. No amount of cleaning up bugs is going to fix this problem.
Re: (Score:1)
There are only a few conditions that need to be met for software to be totally secure:
1) It can have no inputs
2) It can have no outputs
3) It can use no memory
Do these three things and your software can never be hacked.
Re: (Score:2)
there has only been one secure program that has ever been written, and it is our friend "Hello World."
Have you seen the {insert personal choice of unloved language with big framework here} implementation of that?
Re: (Score:2)
True, but in the "real world" there is one big thing no one mentioned.
If you want to be secure:
-- Do not put these critical systems on the internet at all. This will mean hiring more people and a good wage, which as you know Companies never do.
And for desktops:
1. Use nothing like plain txt email and chat software. Do not use any cloud based email.
2. All attachments are downloaded to a container or chroot or jailed environment. People are forced to use that "container" to open that attachment and have som
Re: (Score:2)
And then we have this [youtube.com] video from yesterday titled "Software That Never Fails and Can’t Be Hacked" so apparently someone believes software can be secure.
I guess we know what to expect from an NSA spook (Score:2, Funny)
"...many lawmakers are pressing the White House for a muscular response to a series of high-profile hacks."
Last time I looked, muscles don't have brains. They'd probably do better hiring a few guys from one of the ransomware gangs.
Re: (Score:2)
I doubt that would help, guys in the ransomware gangs are crooks by nature. They'll simply take the government money and keep their side gigs.
Re: (Score:2)
"...ransomware gangs are crooks by nature."
NSA guys aren't?
Sorry...that was low-hanging fruit. I couldn't resist. (I don't think I'm entirely wrong, either).
Cyber BS .. (Score:1)