America Switching to “There is no Security Anymore” Policy?

An interesting statement came out from an National Security Agency (NSA) employee last week. According to a Dailytech article, the NSA is switching its computer security mindset from defense to the realization that the bad guys will get in.

Debora Plunkett, NSA’s director of the U.S. Information Assurance Directorate said, “There’s no such thing as ‘secure’ any more.  The most sophisticated adversaries are going to go unnoticed on our networks.  We have to build our systems on the assumption that adversaries will get in.  We have to, again, assume that all the components of our system are not safe, and make sure we’re adjusting accordingly.”

This is a change in policy from trying to keep people out, to monitoring and limiting the damage done when they do get in. And get in they have, numerous reports of large corporations, government, and military breaches have made headline news over the years. Foreign Governments, Terror organizations and Nation States had made it a priority to compromise American security and gain as much intel as possible.

The U.S. has been under increasing attack digitally from foreign intelligence agencies, including China and North Korea.  Foreign spies have infiltrated defense contractors, and retrieved information from lost U.S. government hardware.  Deputy Defense Secretary William Lynn, in the September/October issue of the journal Foreign Affairs, estimated that at least 100 foreign intelligence agencies are trying, night and day, to hack into U.S. government systems.  He says that many of these agencies have the sophistication to succeed, at least some of the time, in their plots.

China alone has the manpower to unleash thousands of hackers against a single target. And many feel that foreign powers already have access to critical infrastructure systems. According to Mike McConnell (NSA chief from 1992 to 1996), “[There is not a major computer system of consequence] that is not penetrated by some adversary that allows the adversary, the outsider, to bleed all the information at will.”

What we will probably see is more monitoring and backdoors in software and hardware devices. Things like Lawful Intercept in Cisco routers are well known. Allegations have also been made that the FBI placed several backdoors in OpenBSD:

“… a former government contractor named Gregory Perry came forward and told him that the FBI had put a number of back doors in OpenBSD’s IPsec stack, used by VPNs to do cryptographically secure communications over the Internet.”

The biggest fear is over reaction, like the TSA’s full body scanners. More security is a good thing, as long as it does not continue to erode our personal privacy and freedom.

~ by D. Dieterle on December 21, 2010.

6 Responses to “America Switching to “There is no Security Anymore” Policy?”

  1. ““There’s no such thing as ‘secure’ any more…”

    Well, that gives one a warm and fuzzy feeling, considering the source. lol

    honeypot philosophy? make them think we gave up, then drop the righteous hammer on them! lol at least, that’s what I’m telling myself….

    • Yeah, I know right. Well, atleast they aren’t faking like everything is okay anymore. Some of the early government IT heads that told it like it is early on really caught a lot of flack.

      The Titanic is Sinking! – No its not, we are going to set a world record in transit speed! – But we are sinking!!!

      I like the honeypot idea. Man, I think that Rsignia’s CyberScope solution should drop attackers right into a honeypot when they sense the attack. Sure, counter-attacking is very cool, but then they know they have been had.

      Counter hack them and find out what else they have gotten their grimey little paws into!

  2. […] has already stated that they are now looking at security from the stand point that the system has already been compromised. This would mean that the attention changes to analyzing internal data flow and network security […]

  3. […] it is just a fact of life now. The NSA came to this conclusion about network security in 2010.  Debora Plunkett, NSA’s director of the U.S. Information Assurance Directorate said, “There’s no such thing as ‘secure’ any more.  The most sophisticated adversaries are […]

  4. […] assistant director of the FBI’s Criminal, Cyber, Response and Services Branch, echoed what the NSA said a few years ago, that network operators “need to assume that they have or will be […]

  5. […] director of the FBI’s Criminal, Cyber, Response and Services Branch, echoed what the NSA said a few years ago, that network operators “need to assume that they have or will be […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: