Comments on: US Cyber Defenses Full of Holes

By: Jimmy

Jimmy — Thu, 04 Feb 2010 17:41:33 +0000

Gee, I wonder if we just can’t stop WalMart from buying anymore Chinese exports until we are satisfied that they have stopped hacking us. Since they don’t let their money have the appropriate exchange rate, we could tariff their imports to get money to pay for cybersecurity. I am all for free trade, but I also want fair trade.

By: ron

ron — Tue, 15 Dec 2009 22:29:10 +0000

Thanks to the supercomputer tech that the US sold China. Clinton and then Bush, appeased China to no end. Intel/AMD/IBM are all american businesses. China does not even have a major microprocessor developer headquartered within their borders.

By: Guest

Guest — Fri, 27 Nov 2009 19:35:39 +0000

I find it interesting that the government is still heavily relying upon chips from China when a NIR was released a few years ago in which the Chinese government published an internal document citing “cyber-terrorism” as a viable means of weakening their “enemies” (among whom the United States was listed). Why are we playing a passive defense and handing the keys to the front door to those that want to do the most harm?

The Chinese have already been caught attacking our military and government computers through Titan Rain (if you think the Chinese Gov’t wasn’t aware of their actions, you don’t know the extent of government control in China). What is wrong with our government officials? Why are we always playing patty-cake with these guys?

By: JCitizen

JCitizen — Fri, 27 Nov 2009 19:17:54 +0000

One question.

Have you seen the new Coalition Warrior Interoperability Demonstration 2009 Orientation Guide?

This being put out by USJFCOM? This is all I’m going to say about it. If you haven’t and are interested I can send a copy. But you will have to ID yourself somehow. You could start out by making me a friend on Military.com

I work for no person or company. I’m just a patriot that hates malware and is interested in the cyber and otherwise defense of my country.

By: JCitizen

JCitizen — Fri, 27 Nov 2009 19:06:42 +0000

DOD has tested network defensive software that is proven fool proof. It is just that if your not a big corporation with a large wallet to lobby congress, you are not going to get a contract. And most likely many of them are afraid their intellectual property will be given to the Chinese by dishonest cranks within the system: also they fear getting their property rights confiscated by something like emminent domain, for the good of the country. Without guarantees — it is unlikely we will ever get cooperation from the geniuses that have the solutions to our cyber-security problems.

NSA could fix the problem, but with O’Bama setting on the appointment of a cyber-security cabinet chief; their is no leadership here.

By: John

John — Fri, 27 Nov 2009 16:44:47 +0000

I find comments on cyber to miss the point completely. We (I) knew in 1979 our nation was in trouble as I commanded the first cyber unit. At that time it was called the Red Team and was a creation of SAC and AFCC. Note this is all AF. CINCSAC created an exercise called Global Shield and for the first time C4 was actually attacked. Everything was on the table — computer systems, satellite, power, ATC, telephone switching systems and you name it. What we learned was documented extensively and we repeated our efforts in four more exercises. Get over it — we knew and did nothing. Today the AF hides cyber in Space Command — Space Command should work for cyber as there job is satellite housekeeping — the operator decides how the payloads are used.

By: Forefronts

Forefronts — Thu, 26 Nov 2009 19:00:45 +0000

As throughout the IC, the NSA has been impeded from doing what it does best behind closed doors.
Attracting,funding and keeping the best and brightest in the defense of our nation needs to be reestablished as a ‘priority one’ in closing cyber as well as other threats to our Nation.
Our enemies are certainly taking that approach.

By: Gordon of Khartoum

Gordon of Khartoum — Thu, 26 Nov 2009 18:40:43 +0000

This whole cyber security is just ridiculous-you can't make it secure, and that was known a long time ago. Plus,the lines of code times programmers, errors in chips-didn't take much research to to put that out. The net is a ixed fortification", like Patton said, and a "monumnet ot man's stupidity." Patching holes and reconfiguring firewalls is purely defensive-go after the attackers-can't you IT guys imbed a viral reply or something? Turn their computers into jelly? "Yeah! SUre! Here's my bank accoujnt nr. and PIN. Go ahead. Click on this link to put $2 million into my account" Yup! Banning thumbdrvies is just an admission that IT can't handle it.

By: Bruce Almich

Bruce Almich — Thu, 26 Nov 2009 17:05:07 +0000

Security specialists need more hands-on training with equipment configured similarly to the “real world” but in environments where these “sandbox” training labs are separate from their corporate networks.

By: Scott Isaacs

Scott Isaacs — Wed, 25 Nov 2009 15:22:11 +0000

Considering how much we rely on computers for our military to operate, we should try to find the time and money to address the coding issues. In particular we need to take capitalism out of the equation and have all chips to be used in defense computers manufactured here in the United States. At least that would make Chinese intelligence have to flip people here as opposed to handing over easy access to them by using Chinese manufacturers to begin with.

It also seems to me that since the NSA handles most of the govt’s decryption operations which puts computers, both software and hardware, in their wheelhouse that they would be the logical choice to coordinate the security of the United States’ mission-critical computer components. The NSA also has plenty of experience, having been around for decades and having started using computers practically in their infancy.

By: Mark S.

Mark S. — Sun, 22 Nov 2009 19:15:49 +0000

Ah the joys of Windows!

By: Propellerhead

Propellerhead — Fri, 20 Nov 2009 16:13:21 +0000

I wrote a whole article in a published magazine on the very topic… comes down to pre-planning to make sure the architecture is planned well enough to avoid making holes, and constant surveillance with a well planned reaction process.…though as Charlie points out, it is a question of money.
Remember also that software is not just on PCs and chips, it is also on the Routers and Switches that run the Internet…constant battle to patch those OS’s and fix configuration holes.

By: Charlie

Charlie — Fri, 20 Nov 2009 08:24:34 +0000

It comes down to money. The cost and time is quite large.
Some of the most completely debugged software goes into A/C flight control systems. Even so crashes have occurred due to bugs in the software.

Part of the defense is multilayered in nature, and does not rely on single point or method detection.
Unfortunately, observed unusual behavior is still needed and used as part of the actual defense.