FBI Warns of Sweeping Global Threat To US Cybersecurity 134
GovIT Geek writes "The FBI's newly appointed chief of cyber security warned today that 'a couple dozen' countries are eager to hack US government, corporate, and military networks. While he refused to provide country-specific details, FBI Cyber Division Chief Shawn Henry told reporters at a roundtable that cooperation with foreign law enforcement is one of the Bureau's highest priorities and added the United States has had incredible success fostering overseas partnerships."
No duh... (Score:3, Informative)
Job Security 101 (Score:3, Informative)
There is no doubt there are bad people that would like to do bad things to others in the world, but why anyone takes this kind of propaganda seriously is beyond me.
It's more than likely the amount of funding he gets is directly proportional to the amount of fear mongering produced.
USAF Cyber-Command Demoted Relation (Score:4, Informative)
Re:I'm nervous that he would mention corporate net (Score:5, Informative)
The implication of a government person saying we have a problem, is that the government should do something about it. And for the military and other government networks, that's fine.
But why do we ("we" being the government) need to do anything to protect corporate (or any other private) computers? The owner/operators of computers can protect them on their own. Just stop running foreign code.
This isn't like physical security, where, say, IBM can't (and shouldn't have the means) to protect themselves from nuclear ICBM attack. It makes sense to put government in charge of securing the country against certain threats, and that job (if stated broadly enough) is arguably the only reason we need government to exist at all. But cyber-security isn't one of those situations, because individuals and groups can protect themselves, without putting anyone else at risk.
If you're premise was correct your position would have some merit, but because you're probably thinking very narrowly about the problem you've missed some very big issues.
First, much of our infrastructure is run by private companies. Think about how effective inter agency communication isn't when phones and cell phones don't work (think Katrina and 9-11). Our utilities are almost completely under private control and that includes nuclear reactors, dams, and the electrical grid. The Nuclear Regulatory Commission sets standards for security, but computer systems and security (both virtual and real) are all handled by private companies, most often contractors.
Second, even non-infrastructure companies can be hugely disruptive. Think what could happen if someone gained control over the automated systems that report on the prices of stocks, commodities, bonds, and other financial mechanisms. Creating a run on a bank, Wall Street, or a huge fluctuations in the value of the Dollar would be trivial if someone just had access for a short time period. If someone had undetected access and a more subtle mindset the damage could be both much longer term and much worse.
Finally, even companies and organizations that don't control infrastructure or financial systems can have a huge impact if their systems are compromised. Your example of IBM's being able to protect themselves without risk to others is also critically flawed. Last year IBM did $1.43 billion in consulting work for the US government. (1.4% of total 2007 revenue) You don't suppose that in that some of the work is classified? I know some of it is and further, given continued access, I could see the new stuff as the contracts are awarded to Big Blue. This also ignores the disruption that they could create because they are a well trusted ASN on the Internet. The sheer number of workstations and servers they have would also make them attractive to operate as part of a bot net.
In short, there are lots of ways that any large company can hurt the rest of us if they aren't responsible with their security. Now, I'm not buying into the idea that the government being responsible for everyone's network security, they couldn't if they wanted to, but right now network security is something that a lot of companies haven't taken seriously and they _can_ harm us with their negligence.
Re:Dark days of paranoia and spying. (Score:4, Informative)
Fortunately for the US, politeness isn't mandatory - they seem to find it quite easy to pressure a country to do whatever they like: http://www.theregister.co.uk/2006/06/19/us_pushes_sweden/ [theregister.co.uk] - *cough* assholes