Entries Tagged "national security policy"

Page 51 of 61

Preparing for Cyberwar

Interesting article from The New York Times.

Because so many aspects of the American effort to develop cyberweapons and define their proper use remain classified, many of those officials declined to speak on the record. The White House declined several requests for interviews or to say whether Mr. Obama as a matter of policy supports or opposes the use of American cyberweapons.

The most exotic innovations under consideration would enable a Pentagon programmer to surreptitiously enter a computer server in Russia or China, for example, and destroy a “botnet”—a potentially destructive program that commandeers infected machines into a vast network that can be clandestinely controlled—before it could be unleashed in the United States.

Or American intelligence agencies could activate malicious code that is secretly embedded on computer chips when they are manufactured, enabling the United States to take command of an enemy’s computers by remote control over the Internet. That, of course, is exactly the kind of attack officials fear could be launched on American targets, often through Chinese-made chips or computer servers.

So far, however, there are no broad authorizations for American forces to engage in cyberwar. The invasion of the Qaeda computer in Iraq several years ago and the covert activity in Iran were each individually authorized by Mr. Bush. When he issued a set of classified presidential orders in January 2008 to organize and improve America’s online defenses, the administration could not agree on how to write the authorization.

I’ve written about cyberwar here.

Posted on April 30, 2009 at 2:18 PMView Comments

"No-Fly" Also Means "No-Flyover"

I’ve previously written about the piece of counterterrorism silliness known as the no-fly list:

Imagine a list of suspected terrorists so dangerous that we can’t ever let them fly, yet so innocent that we can’t arrest them—even under the draconian provisions of the Patriot Act.

Turns out these people are so dangerous that they can’t be allowed to fly over United States territory, even on a flight from Paris to Mexico.

What makes the whole incident even more interesting is that Air France had only sent its passenger manifest to the Mexicans, but now it is clear that Mexico shares this information with the United States.

Hernando Calvo Ospina has written articles about the United States involvement in Latin America, and is currently writing a book about he CIA. The exact reason for him being on the terrorist watch list is unknown, and we’ll probably never know what criteria are used for adding people to it. Air France is considering asking the United States for compensation. Good luck with that.

Additional links.

Posted on April 28, 2009 at 1:00 PMView Comments

Melissa Hathaway Interview

President Obama has tasked Melissa Hathaway with conducting a 60-day review of the nation’s cybersecurity policies.

Who is she?

Hathaway has been working as a cybercoordination executive for the Office of the Director of National Intelligence. She chaired a multiagency group called the National Cyber Study Group that was instrumental in developing the Comprehensive National Cyber Security Initiative, which was approved by former President George W. Bush early last year. Since then, she has been in charge of coordinating and monitoring the CNCI’s implementation.

Although, honestly, the best thing to read to get an idea of how she thinks is this interview from IEEE Security & Privacy:

In the technology field, concern to be first to market often does trump the need for security to be built in up front. Most of the nation’s infrastructure is owned, operated, and developed by the commercial sector. We depend on this sector to address the nation’s broader needs, so we’ll need a new information-sharing environment. Private-sector risk models aren’t congruent with the needs for national security. We need to think about a way to do business that meets both sets of needs. The proposed revisions to Federal Information Security Management Act [FISMA] legislation will raise awareness of vulnerabilities within broader-based commercial systems.

Increasingly, we see industry jointly addressing these vulnerabilities, such as with the Industry Consortium for Advancement of Security on the Internet to share common vulnerabilities and response mechanisms. In addition, there’s the Software Assurance Forum for Excellence in Code, an alliance of vendors who seek to improve software security. Industry is beginning to understand that [it has a] shared risk and shared responsibilities and sees the advantage of coordinating and collaborating up front during the development stage, so that we can start to address vulnerabilities from day one. We also need to look for niche partnerships to enhance product development and build trust into components. We need to understand when and how we introduce risk into the system and ask ourselves whether that risk is something we can live with.

The government is using its purchasing power to influence the market toward better security. We’re already seeing results with the Federal Desktop Core Configuration [FDCC] initiative, a mandated security configuration for federal computers set by the OMB. The Department of Commerce is working with several IT vendors on standardizing security settings for a wide variety of IT products and environments. Because a broad population of the government is using Windows XP and Vista, the FDCC imitative worked with Microsoft and others to determine security needs up front.

Posted on February 24, 2009 at 12:36 PMView Comments

Cost of the U.S. No-Fly List

Someone did the analysis:

As will be analyzed below, it is estimated that the costs of the no-fly list, since 2002, range from approximately $300 million (a conservative estimate) to $966 million (an estimate on the high end). Using those figures as low and high potentials, a reasonable estimate is that the U.S. government has spent over $500 million on the project since the September 11, 2001 terrorist attacks. Using annual data, this article suggests that the list costs taxpayers somewhere between $50 million and $161 million a year, with a reasonable compromise of those figures at approximately $100 million.

Posted on February 3, 2009 at 1:01 PMView Comments

Shaping the Obama Administration's Counterterrorism Strategy

I’m at a two-day conference: Shaping the Obama Adminstration’s Counterterrorism Strategy, sponsored by the Cato Institute in Washington, DC. It’s sold out, but you can watch or listen to the event live on the Internet. I’ll be on a panel tomorrow at 9:00 AM.

I’ve been told that there’s a lively conversation about the conference on Twitter, but—as I have previously said—I don’t Twitter.

Posted on January 12, 2009 at 12:44 PMView Comments

James Bamford Interview on the NSA

Worth reading. One excerpt:

The problem is that NSA was never designed for what it’s doing. It was designed after World War II to prevent another surprise attack from another nation-state, particularly the Soviet Union. And from 1945 or ’46 until 1990 or ’91, that’s what its mission was. That’s what every piece of equipment, that’s what every person recruited to the agency, was supposed to do, practically—find out when and where and if the Russians were about to launch a nuclear attack. That’s what it spent 50 years being built for. And then all of a sudden the Soviet Union is not around anymore, and NSA’s got a new mission, and part of that is going after terrorists. And it’s just not a good fit. They missed the first World Trade Center bombing, they missed the attack on the U.S.S. Cole, they missed the attack on the U.S. embassies in Africa, they missed 9/11. There’s this string of failures because this agency was not really designed to do this. In the movies, they’d be catching terrorists all the time. But this isn’t the movies, this is reality.

The big difference here is that when they were focused on the Soviet Union, the Soviets communicated over dedicated lines. The army communicated over army channels, the navy communicated over navy channels, the diplomats communicated over foreign-office channels. These were all particular channels, particular frequencies, you knew where they were; the main problem was breaking encrypted communications. [The NSA] had listening posts ringing the Soviet Union, they had Russian linguists that were being pumped out from all these schools around the U.S.

Then the Cold War ends and everything changes. Now instead of a huge country that communicated all the time, you have individuals who hop from Kuala Lampur to Nairobi or whatever, from continent to continent, from day to day. They don’t communicate [electronically] all the time—they communicate by meetings. [The NSA was] tapping Bin Laden’s phone for three years and never picked up on any of these terrorist incidents. And the [electronic] communications you do have are not on dedicated channels, they’re mixed in with the world communication network. First you’ve got to find out how to extract that from it, then you’ve got to find people who can understand the language, and then you’ve got to figure out the word code. You can’t use a Cray supercomputer to figure out if somebody’s saying they’re going to have a wedding next week whether it’s really going to be a wedding or a bombing.

So that’s the challenge facing the people there. So even though I’m critical about them for missing these things, I also try in the book to give an explanation as to why this is. It’s certainly not because the people are incompetent. It’s because the world has changed.

I think the problem is more serious than people realize. I talked to the people at Fort Gordon [in Georgia], which is the main listening post for the Middle East and North Africa. What was shocking to me was the people who were there were saying they didn’t have anybody [at the time] who spoke Pashtun. We’re at war in Afghanistan and the main language of the Taliban is Pashtun.

The answer here is to change our foreign policy so that we don’t have to depend on agencies like NSA to try to protect the country. You try to protect the country by having reasonable policies so that we won’t have to worry about terrorism so much. It’s just getting harder and harder to find them.

Also worth reading is his new book.

Posted on December 18, 2008 at 6:42 AMView Comments

Friday Squid Blogging: Preserving Giant Squid

At the Smithsonian:

At the centerof the Smithsonian Institution’s National Museum of Natural History’s gleaming new Sant Ocean Hall lies a preserved giant female squid—the arresting, spineless star among the vibrant exhibition’s animal specimens. Tentacles menacingly outstretched and seemingly frozen in time, the 24-foot squid embodies humans’ fascination with the briny deep. But this squid also symbolizes something else: an ongoing experiment in the chemistry of preservation, without which the Smithsonian’s new exhibition would not have been possible.

Also note the terrorism tie-in:

To create the exhibit, the Smithsonian had to work around post-9/11 rules restricting flammable materials, while maximizing the lifelike appearance of the squid for public display. They turned not to formalin or ethanol, but to a new fluorinated chemical called Novec, developed by 3M.

If we give up our preserved giant squids, then surely the terrorists have won.

Posted on November 21, 2008 at 4:20 PMView Comments

1 49 50 51 52 53 61

Sidebar photo of Bruce Schneier by Joe MacInnis.