
Department of Homeland Security Wants Nerds For a New "Cyber Reserve"

samzenpus posted about 2 years ago | from the grabbing-geeks dept.

Government 204

pigrabbitbear writes "Just three weeks after Defense Secretary Leon Panetta told an audience at the Sea, Air and Space Museum that the U.S. is on the brink of a 'cyber Pearl Harbor,' the government has decided it needs to beef up the ranks of its digital defenses. It's assembling a league of extraordinary computer geeks for what will be known as the 'Cyber Reserve.'"


204 comments


NO! (4, Funny)

ganjadude (952775) | about 2 years ago | (#41848655)

you cannot commandeer /.!

Re:NO! (5, Funny)

ColdWetDog (752185) | about 2 years ago | (#41848671)

Maybe not but if they handed out T-shirts, geeks would be all over it.

Re:NO! (1)

EmagGeek (574360) | about 2 years ago | (#41848959)

Free Red Bull and Doritos.

Re:NO! (2)

AK Marc (707885) | about 2 years ago | (#41849187)

Chee-toes and Mountain Dew, damnit. Or does that show my age?

Re:NO! (2, Insightful)

Anonymous Coward | about 2 years ago | (#41849353)

It shows you have better taste than all them kids these days, with their colorful bovine

Re:NO! (2)

c0lo (1497653) | about 2 years ago | (#41848865)

you cannot commandeer /.!

Warmly recommend DHS to try at 4chan: recruit them young, you know! (grin)

Re:NO! (1)

lightknight (213164) | about 2 years ago | (#41849391)

DHS -> Pays 4chan to run ads for them, is surprised by the number of applicants.

Re:NO! (1)

ThatsMyNick (2004126) | about 2 years ago | (#41849593)

And most turn out to be fake applications, just to generate ad revenue for 4chan.

Re:NO! (1)

Jeremiah Cornelius (137) | about 2 years ago | (#41848989)

Doesn't this seem like a GREAT OPPORTUNITY for an Anonymous op?

#OpReserves Sign up now!

Go for it, kids!

Re:NO! (1)

antdude (79039) | about 2 years ago | (#41849103)

Oh deer. :P

Re:NO! (0)

Anonymous Coward | about 2 years ago | (#41849115)

Puhlease. If they got the average Slashdotter laid just once it would be game over...

Re:NO! (2)

Impy the Impiuos Imp (442658) | about 2 years ago | (#41849397)

Yes they can. How exciting!

It'll be just like this! [youtube.com]

Well, except for the friends, party, and wife.

Cyber Reserve? (5, Funny)

chill (34294) | about 2 years ago | (#41848679)

You know they are jealous of Best Buy and wanted to call this the Geek Squad.

Re:Cyber Reserve? (0)

Anonymous Coward | about 2 years ago | (#41849297)

Interestingly only people of approximately the same technical ability would consider either job.

Re:Cyber Reserve? (4, Funny)

Warhawke (1312723) | about 2 years ago | (#41849435)

I figured Cyber Men would be a better name for an extended army of...

Oh.

You know I've been wondering about this.... (5, Insightful)

rsilvergun (571051) | about 2 years ago | (#41848719)

Given the prevalence of H1B immigrants and the fact that most aren't staying in the country (better digs back home) does America have any hope of hanging onto a competitive edge? Not that it matters much for the guys at the top (they're global, they don't think about little stuff like countries anymore), but for little 'ole me stuck here in the good 'ole US of A it's a worry.

And if you think I'm exaggerating, you either aren't working in tech or you're not paying attention.

Re:You know I've been wondering about this.... (0)

Anonymous Coward | about 2 years ago | (#41849077)

So you're saying the DHS should hire some H1Bs?

Re:You know I've been wondering about this.... (0)

Teancum (67324) | about 2 years ago | (#41849323)

A bunch from Pakistan, Russia, North Korea, and Iran would love to volunteer to work for the U.S. Department of Homeland Security. The Chinese would simply turn their nose up at the prospect though because they won't be making enough money.

Assembling? (5, Funny)

The Grim Reefer (1162755) | about 2 years ago | (#41848727)

Or rounding up?

[puts on tinfoil hat]

Re:Assembling? (4, Interesting)

reboot246 (623534) | about 2 years ago | (#41849151)

Many would say that working for DHS would be working for the enemy. They are quite good at terrorizing U.S. citizens.

More like dividing and conquering (5, Insightful)

Anonymous Coward | about 2 years ago | (#41849167)

Look she spouted a lot of garbage about 'cyber-geddon' and it was torn apart by geeks pointing out that hacking a web page of a power station with its 10 visitors a day, is not synonymous with attacking the power station, and that the fix for these problems is to keep critical stuff on private network links.

So they hire a few geeks who will talk sh1t to attack the real enemy, us and our plain talking common sense! The War on Common Sense!

I noticed that the Russian Hacker, Georgia revealed a few days ago, was a sad man living in a crappy room, not a soldier in a military uniform surrounded by War Game screens. They are just a pest, and for Georgia it should have patched its servers and locked down its logins, even for the government websites so he couldn't deface them.

If you have a problem, you fix the problem, you don't declare war on it.

Re:Assembling? (1)

drooling-dog (189103) | about 2 years ago | (#41849647)

Or rounding up?

My thought exactly. You're looking at the official suspect list when our digital armageddon finally comes...

If it worked like the Army reserve, I'd be in. (4, Interesting)

jerpyro (926071) | about 2 years ago | (#41848733)

Think about it, you participate one weekend a month for sec training and preparedness drills, and take on a special project every once in a while, and get the military benefits without leaving your house. I'd be in for that, especially if it (being those projects) could be done as moonlighting outside my regular job. That doesn't sound so bad.

Re:If it worked like the Army reserve, I'd be in. (1)

Anonymous Coward | about 2 years ago | (#41848793)

DHS won’t be able to pay Google money, so the department’s new marketing-recruiting pitch is: “Excitement!”

Yeah, I'm in.

Re:If it worked like the Army reserve, I'd be in. (1)

thrillseeker (518224) | about 2 years ago | (#41848853)

"Secure the happiness."

Re:If it worked like the Army reserve, I'd be in. (1)

AK Marc (707885) | about 2 years ago | (#41849203)

What, is it a big CS game? America's Army? Weekend LAN party at the White House.

Re:If it worked like the Army reserve, I'd be in. (1)

sgt scrub (869860) | about 2 years ago | (#41848837)

Count me in too. Well, assuming "preparedness drills" involve donuts instead of pushups.

Re:If it worked like the Army reserve, I'd be in. (1, Interesting)

Anonymous Coward | about 2 years ago | (#41848949)

Actually, it does sound bad. Who the fuck wants to mobilize for cleanup of the inevitable mess that will happen due to them sending billions of dollars to Redmond? You know that's what they want you for: to be the guy who re-installs Windows after the AV software can't remove something. Fuck it. Let it burn. If the constituents get mad about the downtime, maybe the money-wasting will finally end.

If they're really against cyber-Pearl-Harbor, then they should do what we all say now and have been saying for the last couple decades. We keep saying it's just a matter of time until someone's whim is for malware to do something truly bad, instead of merely playfully naughty. But they keep running malware. Don't come crying to us later, pretending that you didn't know you were making the computers unsafe and ripping off the taxpayers while you did it.

If anything, the sooner Cyber-Pearl-Harbor happens, the better. The billions of dollars of damage to the economy sounds like a lot in 2012, but it's not nearly as much as the cost in 2017, 2022, .... If only we had sustained the loss in 1997 or even 2002 the country would be in decent shape by now. Let's just get it over with, so we can finally start remembering our common sense.

Re:If it worked like the Army reserve, I'd be in. (0)

Anonymous Coward | about 2 years ago | (#41849119)

Yeah, no problem if you embark on a project that shuts down water and power to a country that did nothing to you and people die as a result. You'll likely be doing more offense than defense.

Re:If it worked like the Army reserve, I'd be in. (5, Informative)

girlinatrainingbra (2738457) | about 2 years ago | (#41849269)

re: If it worked like the Army reserve, I'd be in. Think about it, you participate one weekend a month for ...

You do know that:

-- quite a few of the reserves are actually deployed at the present;

-- a lot of the National Guard is called out and deployed at the present;

-- a lot of people who have finished their tours are told that they must re-up.

Even if they are not deployed overseas, they are often activated to take the place on base of combat troops who are deployed overseas. So if you're part of the Ready Reserve [wikipedia.org] , be ready to be deployed at any time of need. Not that there's anything wrong with that. Just know about that ahead of time.

Re:If it worked like the Army reserve, I'd be in. (4, Informative)

stephanruby (542433) | about 2 years ago | (#41849279)

I'd be in for that, especially if it (being those projects) could be done as moonlighting outside my regular job. That doesn't sound so bad.

If they actually pay you for it, I doubt they'd let you do it at home.

Think about it, you participate one weekend a month for sec training and preparedness drills, and take on a special project every once in a while, and get the military benefits without leaving your house.

The US military is famous for switching job descriptions once people have entered their ranks.

Many people want to be Air Force pilots for instance, so they sign up with the Air Force, but then they find that it's really too competitive to be a pilot, or they don't have the political connections to make that happen. It's too late already -- they've signed on the dotted line. The same goes for State Military Reserves, most thought they were committing themselves for a limited time duration of possibly doing disaster relief work, or at most that they might fight within the US in case it ever got attacked, not that they were going to fight in Iraq in a pre-emptive war, and nor did they know that their contracts could be changed indefinitely at will.

Re:If it worked like the Army reserve, I'd be in. (1)

Anonymous Coward | about 2 years ago | (#41849491)

That's not switching the job description, I'm pretty sure you sign up to be in the Air Force, I'm pretty sure they won't promise you'll be a pilot or a sniper before you sign up (maybe that it's a possibility). That's like signing up to work at Best Buy and then saying they duped you when you don't become manager.

up till you're called in and end up on a year long p (1)

Joe_Dragon (2206452) | about 2 years ago | (#41849615)

Up till you're called in and end up on a year long project and then what happens when you go back to your job??? The law says they can't do anything but you may have to stand up for your rights.

Please, just stop... (5, Interesting)

FSWKU (551325) | about 2 years ago | (#41848739)

Once again, the clueless people in high places prove they don't understand. Attaching "cyber", "e", "online" or even "with a computer" to something does NOT make it a new threat. And "Cyber Pearl Harbor"? Gimme a damn break. There is no need to try and compare unlawful access to a computer system by a foreign entity to an attack that killed thousands of people and drew the US into one of the bloodiest conflicts in human history.

Espionage is espionage, regardless of whether it's someone sneaking documents out of a building or tapping into someone's computer system. Just because something happens on a computer does not automatically make it a new class of crime for which there must be an immediate expenditure of untold sums of taxpayer money.

So please, governments....stop with the crap already...

Re:Please, just stop... (0, Insightful)

Anonymous Coward | about 2 years ago | (#41848829)

Once again, the clueless people in high places prove they don't understand. Attaching "cyber", "e", "online" or even "with a computer" to something does NOT make it a new threat. And "Cyber Pearl Harbor"? Gimme a damn break. There is no need to try and compare unlawful access to a computer system by a foreign entity to an attack that killed thousands of people and drew the US into one of the bloodiest conflicts in human history.

Espionage is espionage, regardless of whether it's someone sneaking documents out of a building or tapping into someone's computer system. Just because something happens on a computer does not automatically make it a new class of crime for which there must be an immediate expenditure of untold sums of taxpayer money.

So please, governments....stop with the crap already...

Do you understand that we're not talking about stealing credit cards from Sony's PSN?

We're talking about China deciding that the USA needs to be taught a lesson. So, Chinese military hackers break into a wastewater treatment plant, use the SCADA controls to prematurely dump a tank of sewage into the clean water intake. The bacteria that enter the drinking supply poisons a good portion of an entire city and thousands (if not tens of thousands) die.

"Cyber Pearl Harbor" is not really as far-off the idea as you might imagine. It's killing people with computers instead of airplanes and bombs.

Re:Please, just stop... (2)

user32.ExitWindowsEx (250475) | about 2 years ago | (#41849013)

Why would this hypothetical plant be connected to anything?
If it has data connections to anything more than the other ends of the intake and outflow pipes the people who decided to include such connections should be charged with treason and shot.

If it can be hacked via a genuinely-needed connection the people who made the hack possible should be charged with treason and shot.

Re:Please, just stop... (5, Informative)

SB9876 (723368) | about 2 years ago | (#41849125)

Ummmmmmm...
Have you just not been reading anything at all about the pervasive SCADA security holes that keep popping up everywhere? Hooking industrial control hardware to the internet to centralize monitoring, control and update has been a huge industry movement. Combine that with a mindset in the SCADA industry and end users that is much more focused on reliability than security and you get the equivalent of thousands of pieces of hardware on the internet with the security equivalent of a wireless router with the default admin account and password.

The SCADA security holes have only recently come to the attention of the industry. I can assure you that there's a giant collective brick being shat over it but fixing this stuff takes time.

And foaming at the mouth about honest mistakes isn't going to solve anything.

Re:Please, just stop... (1)

ATMAvatar (648864) | about 2 years ago | (#41849349)

Hooking industrial control hardware to the internet to centralize monitoring is the security hole. The industry chose to sacrifice security (by providing for external control) to save a few dollars in management costs. A simple business decision was made that the savings were worth it because the risk of being compromised was small and the costs were great enough that the government would step in and bail them out if anything happened anyways.

Re:Please, just stop... (4, Informative)

Absolutely.Geek (2765293) | about 2 years ago | (#41849379)

As someone who works with this stuff all the time, I feel I can say this with some degree of authority: if you connect your SCADA / PLC system DIRECTLY to an internet connected PC, you should be drawn and quartered / keel hauled for pure stupidity.

I have access to some of my customers' sites remotely, all of them are through secure VPN then either RDP from the secure connection or in one case through Citrix to the computer in question. If their IT dept can't sort out VPN security that is another issue entirely.

When it comes to industrial gear stability is #1, #2, #3 and #4 on the list of priorities, and #5 is physical security, most plants that I have worked at are fenced and require you to go through a gate house of some sort before you can enter site, this is not because they are doing some super secret work it is for liability issues, if some retard sneaks onto the site and gets an arm ripped off because they put their hand in some bit of plant, the fines and paperwork would be hideous.

Most computers on industrial sites will be running unpatched XP SP2, but it is ok because there should not be any internet connection to these machines. USB's should also be limited to trusted ones for backups.

Ok rant over.....I could go on....

too bad PS2 ports are going away (1)

Joe_Dragon (2206452) | about 2 years ago | (#41849673)

Too bad PS2 ports are going away now there should be some kind of NEW PC's (yes that means Dells, HP's, etc.) with PS/2 ports or even a pci / pci-e PS2 card.

So you can have a secure pc system that does not have USB or has USB that is 100% off.

Re:Please, just stop... (1)

Type44Q (1233630) | about 2 years ago | (#41849461)

T.F.A. is talking about military/gov't and you're talking about industry...

Conflating and misleading (2, Interesting)

Anonymous Coward | about 2 years ago | (#41849533)

"The SCADA security holes have only recently come to the attention of the industry. I can assure you that there's a giant collective brick being shat over it but fixing this stuff takes time."

Rubbish.

What DHS is doing and what you also did was this:
a) Talking about SCADA system vulnerabilities and mentioning STUXNET as evidence of it (and not mentioning that it had to be introduced by a spy inside the plant and not internet facing)
b) Talking up cyber intrusions on web servers (which are internet facing).
c) Conflating the two as if they are both cyber attacks and thus the man attacking the web server can attack the SCADA system because they're both 'cyber'.

SCADA systems are NOT mostly on the internet with open logins, that's a fooking lie. This problem has been known from the start and the technicians who put these systems in are no idiots who've only just found out there may be a problem.

The problem here is the misinformation from the DHS to pump its own budget.

Re:Please, just stop... (2)

zerro (1820876) | about 2 years ago | (#41849185)

Of course there should be an air-gap on any plant system like this, and likely is...
But then again there are things specifically targeted at jumping air-gaps.
I don't think there are any "experts" who believe stuxnet/flame hit targets directly.

I don't think these plants would have information security on par with nuclear power plants

But hey what do I know!

The preceding post brought to you by: Conjecture.

Re:Please, just stop... (2)

niftydude (1745144) | about 2 years ago | (#41849093)

We're talking about China deciding that the USA needs to be taught a lesson.

Why would China want to teach the USA a lesson? The Chinese already own most US debt.

The only reason the US could be justifiably paranoid about what China can/can't do to them, is if the US intends to default on China, stop paying interest, and pre-emptively attack China to get out of the situation.

Re:Please, just stop... (1, Troll)

Vekseid (1528215) | about 2 years ago | (#41849363)

> Why would China want to teach the USA a lesson? The Chinese already own most US debt.

No, they do not. [treasury.gov] China and Hong Kong combined don't crack 10%.

> The only reason the US could be justifiably paranoid about what China can/can't do to them, is if the US intends to default on China, stop paying interest, and pre-emptively attack China to get out of the situation.

Treasuries do not work that way. China can take advantage of the Federal Reserve's Quantitative Easing program in which a branch of the government effectively buys back said treasuries, but treasuries are nothing more than pieces of paper that can be redeemed at a future date for a certain value, and these are bought and sold on a market just like any other commodity.

Re:Please, just stop... (1)

Anonymous Coward | about 2 years ago | (#41849109)

We're talking about China deciding that the USA needs to be taught a lesson.

I'll bite. What's the lesson? China owns 8% of US debt and their economy significantly depends on a thriving US economy so it wouldn't be a monetary issue. Maybe they would want to teach us a lesson not to cause war mongering like what you're doing?

Re:Please, just stop... (1)

AK Marc (707885) | about 2 years ago | (#41849335)

Nah, they could get by without the US selling them debt to buy their crap. We need China more than China needs us, and China needs us less every day. The real problem is that if the US crashed, so would Japan and Europe. Then China's fucked. Why do you think England was pushing Iceland to bail out English banks? Because money is international, and when one falls, they all come down.

Re:Please, just stop... (3, Informative)

johnnick (188363) | about 2 years ago | (#41849163)

>The bacteria that enter the drinking supply poisons a good portion of an entire city and thousands (if not tens of thousands) die.

Because no one, not even the people there at the plant, notice that the sewage is going into the water, and no one notices that the water smells funny, etc., etc. NYC is dealing with something like this right now in the wake of hurricane Sandy. See http://www.huffingtonpost.com/2012/10/30/hurricane-sandy-sewage-toxic-_n_2046963.html [huffingtonpost.com] .

Killing people with computers is a LOT harder than killing them with kinetic weapons because, aside from people being monitored by computers in hospitals, most people aren't directly relying on the computers to keep them alive.

The north eastern US suffered a major, multi-day blackout a few years ago. It did not bring the country to its knees. Similarly, regional weather events may shut down transit/business/etc., but people are moving to backup systems (e.g., walking/biking to work in the case of NYC) and dealing for the time it will take to bring the systems back online.

Any cyber attack that could actually meaningfully harm the US would cross the line into casus belli and likely receive a kinetic response.

It's possible that some kind of cyber attack could be used as a distraction or to syphon off resources while a kinetic attack takes place, but that's still assuming some other nation believes it is in their national interests to get into a shooting match with the US.

Sen. Lieberman had an opinion piece in the NYT (http://www.nytimes.com/roomfordebate/2012/10/17/should-industry-face-more-cybersecurity-mandates/the-cyber-threat-is-real-and-must-be-stopped-by-business-and-government) supporting your position. Numerous real security professionals would disagree, from Bruce Schneier (http://www.schneier.com/blog/archives/2012/10/stoking_cyber_f.html) to people like Scot Terban (http://www.schneier.com/blog/archives/2012/10/stoking_cyber_f.html).

Re:Please, just stop... (1)

Joe_Dragon (2206452) | about 2 years ago | (#41849651)

Near me wastewater treatment plants are not at the same place as the fresh water intakes.

Re:Please, just stop... (3, Insightful)

Penurious Penguin (2687307) | about 2 years ago | (#41848873)

I think they know this well enough, but their terminology is specifically targeted at the sort of people who consider the act of defacing a webpage serious hacking. What we really need is a GUI interface in Visual Basic to track the IPs of these terrible cyber-terrorists. That'd do it, mark my wurd.

Re:Please, just stop... (5, Insightful)

Anonymous Coward | about 2 years ago | (#41848909)

But but but people connect their power plants and natural gas pumping stations to the internet because they wanted to post some updates on their facebook or do a foursquare checkin and they forgot their iPhone at home! Then when some worm gets into these control systems and causes problems (maybe even people could die), it is not because of action of some locals that hooked up critical systems to the internet. It will be "digital perl harbor"!!

In politics it is not about rationality and common sense. It is about posers and perceptions. Hell, that's how we almost all died back in the engineered "Cuban missile crisis".

So when some retards screw up a power grid, the result will be "how do we respond?!? war! WAR!", not "why were these systems on unprotected networks?".

Times change, but our thought patterns seem to clearly remain back in the stone age. DHS just proves the point once again.

the power grid needs to link all the plants and sub (1)

Joe_Dragon (2206452) | about 2 years ago | (#41849695)

The power grid needs to link all the plants and substations to each other so they can control all the switches on the lines.

Re:Please, just stop... (1)

Jah-Wren Ryel (80510) | about 2 years ago | (#41848953)

There is no need to try and compare unlawful access to a computer system by a foreign entity to an attack that killed thousands of people and drew the US into one of the bloodiest conflicts in human history.

Yes there is if you are looking to provide a justification for continuing to feed trillions of dollars to the military-industrial complex.

Re:Please, just stop... (2)

flonker (526111) | about 2 years ago | (#41849027)

Regardless of terminology, a massive attack on the virtual infrastructure is a different class of attack and requires a different class of defense. The term 'cyber Pearl Harbor' is ridiculous and disrespectful to those who were at the real Pearl Harbor. Also, DHS is probably the worst department to be in charge of, well, pretty much anything. The NSA would be a much better choice.

With that said, I think it's not too bad of an idea once you realize what the proper response is to a massive attack on the entire Internet. Technical support. Calling up (or visiting in person) millions of users and sysadmins and walking them through the process of securing their systems. A phone call might not do it, because you can't flash a badge over the phone, so (rightfully) nobody would trust you.

OTOH, targeted attacks such as "break into a wastewater treatment plant, use the SCADA controls to prematurely dump a tank of sewage into the clean water intake" mentioned by the AC, are yet another class of attack, and you don't need the extra manpower of a reserve force in order to deal with the technical fallout of such an action.

And, of course, if someone were to find a new class of bug similar to SQL injection, wherein the only solution would be to update huge amounts of code all over the Internet, well, even a reserve force might not be enough to fix that kind of problem. Look at how long it took to resolve Y2K.

Personally, I would consider signing up for this type of "cyber-reserve", but I would hesitate doing so under the DHS. Also, I wouldn't sign up unless I knew ahead of time what was expected of me, and that there would be no bait and switch.

Re:Please, just stop... (2)

zerro (1820876) | about 2 years ago | (#41849083)

Espionage != sabotage

Look at the computers on the desk here:
http://ronslog.typepad.com/ronslog/2008/05/eagle-mountain.html [typepad.com]

Any clues as to control over some of the SCADA systems here might do?

in my best "say what again!" voice: Tell me it's not gonna cause problems!

Re:Please, just stop... (1)

floorgoblin (869743) | about 2 years ago | (#41849247)

While I agree that the language comes off as over the top, the purpose of it is to convey the real risk of cyberterrorism to folks who don't have the time or inclination to fully understand the issue. I've been told by a friend at DHS that China has several hundred thousand people working full time on accessing sensitive data in the US (which includes government, military, private sector, and international NGO's). Even simple espionage can put human rights workers, intelligence agents, and military personnel at risk. Stolen data can also hurt our competitive edge, hypothetically, and yes some infrastructure systems are connected to the internet, and stolen schematics, building plans, personnel data, etc. could theoretically be used for a terrorist attack. While it's unlikely that China would want to do something like that, I don't think it's a risk that the security establishment would want to take.

Re:Please, just stop... (1)

AK Marc (707885) | about 2 years ago | (#41849305)

What would you call it if someone hacked ATC and crashed airplanes, killing thousands of people? Would it matter if it started the next bloodiest conflict in human history?

Espionage is espionage,

So far it has been, but what happens when it isn't centrifuges targeted, but humans? Train crashes and infrastructure failures?

Don't sign up the best, send away the worst (2, Funny)

Anonymous Coward | about 2 years ago | (#41848745)

I can't help thinking we'd be better off sending our very worst programmers overseas instead. If you really are a computing screw up, the kind of guy that turns a "hello world" into an infinite loop, you truly are an asset to this nation and we'll gladly sponsor your job application to Iran or North Korea. Problem solved.

really? (2)

epyT-R (613989) | about 2 years ago | (#41848781)

Well then it's time for the people in charge of this, who were probably the lawyer/prep/ivy league have-it-alls in high school, to get over their cliquish demands for irrelevant shit like dress code conformity, good looks, superficial pop culture interests, and top tier athleticism if they want the very best technologists. Of course, if these assholes had learned anything since high school, they'd realize calling anything 'cyber' or 'virtual' scares away the people they're trying to bring in before they even start.

sorry leon (3, Funny)

Lehk228 (705449) | about 2 years ago | (#41848787)

Sorry leon, /b/ still is not your personal army

Just another pork (1)

oldhack (1037484) | about 2 years ago | (#41848851)

for Frito-Lays. Unbelievable.

where do i sign up? (-1)

Anonymous Coward | about 2 years ago | (#41848863)

said nobody ever.

Fuck DHS (-1)

Anonymous Coward | about 2 years ago | (#41848885)

Fuck DHS, assholes.

Worried about cyber perl harbor? Give me a break. (3, Informative)

Anonymous Coward | about 2 years ago | (#41848899)

If that were true, it would have already happened by now. I mean, wtf are the US's enemies waiting for?

Here's what someone said back in 1998: [fas.org]

PREPARED STATEMENT OF SENATOR FRED THOMPSON
CHAIRMAN

COMMITTEE ON GOVERNMENTAL AFFAIRS

MAY 19, 1998

"WEAK COMPUTER SECURITY IN GOVERNMENT: IS THE PUBLIC AT RISK?"

The Governmental Affairs Committee today is holding the first of a series of hearings on the security of federal computer systems. The potential benefits promised by computers are contrasted with inherent risks to our security and public safety. While advances in computing power potentially can remake how the government does business and how future wars are fought, it also creates vulnerabilities which must be reduced. Today’s hearing will address the darker side of the information revolution while exploring how we can better protect government information.

Computers are changing our lives faster than any other invention in our history. Our society is becoming increasingly dependent on information technologies, which are changing at an amazing rate. Consider a couple of examples:

                The singing greeting cards which you buy today for $2 have more computing power than existed in the world before 1950.

                A video camera which you buy today for less than $1000 has more computing power than a 1960s computer the size of this room.

Combine this rapid explosion in computing power with the fact that information systems are being connected together around the world without regard to geographic boundaries. The increasing ability of computers talking to each other offers both opportunities and challenges.

In today’s hearing, we will discuss these challenges. We will hear that the nature of this challenge comes from the fact that our nation’s underlying information infrastructure is riddled with vulnerabilities which represent severe security flaws and risks to our nation’s security, public safety and personal privacy.

While "hacker attacks" receive much media attention, what worries me are the attacks that go unknown. The nature of attacks in the information age seems to allow a malicious individual or group to reach out and inflict extensive damage from the comfort and safety of their home.

We must ask whether we are becoming so dependent on communications links and electronic microprocessors that a determined adversary or terrorist could possibly shut down federal operations or damage the economy simply by attacking our computers.

At risk are systems that control power distribution and utilities, phones, air traffic, stock exchanges, the Federal Reserve, and taxpayers’ credit and medical records. Unfortunately, government agencies are ill-prepared to address the situation. We as a nation cannot wait for the "Pearl Harbor" of the information age. We must increase our vigilance to tackle this problem before we are hit with a surprise attack.

Our witnesses today have substantial knowledge about what the problems really are and can recommend solutions. First, Dr. Peter Neumann, a recognized private-sector expert on computer security, will provide the Committee with an overview of information security issues and testify on the systemic security problems in the government’s computer systems.

Then we will hear from L0pht -- seven members of a "hacker think tank" who identify security weaknesses in computer systems in an effort to persuade companies to design more secure systems. L0pht members will testify about specific weaknesses which enable hackers to exploit the nation’s information infrastructure and government information.

Excuse me if I can't take the government seriously about preventing a cyber "Pearl Harbor". What'll happen is that there will be some attack which the administration will say, "No one could have foreseen..." and then Congress will overreact by passing laws that will strengthen the surveillance state to unprecedented levels. The last vestiges of the 4th Amendment will be finally swept away along with most of our other civil liberties.

Why shouldn't I work for the DHS? (1)

fustakrakich (1673220) | about 2 years ago | (#41848917)

That's a tough one, but I'll take a shot..

You all know how the rest goes...

They don't pay. (2)

HerculesMO (693085) | about 2 years ago | (#41848921)

Why would you hire an expert computer hacker/programmer/systems guy/girl if they can get paid 3x the amount working in a private company?

If you want to create an elite set of 'ubergeeks' you need to pay them a lot of money, allow them to work in jeans and T-shirts, endless supply of Mountain Dew and snacks.

Or otherwise work for Google.

Re:They don't pay. (0)

SternisheFan (2529412) | about 2 years ago | (#41848961)

Why would you hire an expert computer hacker/programmer/systems guy/girl if they can get paid 3x the amount working in a private company?

Um, the hacker should be one with a morality level high enough that he/she feels it's an important enough job that a high payout isn't what matters most?

Re:They don't pay. (1)

HerculesMO (693085) | about 2 years ago | (#41849069)

Sure, you can work for one of a thousand places that deal with healthcare IT, ethical hacking (and penetration testing/security companies) etc that would be fine with your morals and your paycheck.

The military can take young kids who don't have a lot of options and train them to become soldiers through the use of discipline and time. To be a great computer hacker you need to screw around as much as possible because it's the curiosity that makes somebody really good at it. You can't teach that. You have to pay for it. And that's why good IT folks are generally ahead of the unemployment curve and paid very well to boot.

Re:They don't pay. (2)

SB9876 (723368) | about 2 years ago | (#41849191)

There's no shortage of very technically savvy people in the military and other branches of the federal government as well as academia. All of those pay well below the industry average. Not everyone is solely motivated by money.

You seem to think that the military is solely composed of 18-year-old recruits from the ghetto. I seem to recall that digital computers, the internet and even the space race all have their roots in military R&D. One might make an argument about the relative creativity/research productivity per $ of private industry vs academia vs the military but it's a silly argument to think that the military is incapable of this sort of work or that people wouldn't accept lower pay to do something they believe in.

Aight (2)

coma_bug (830669) | about 2 years ago | (#41848939)

I put on my robe and wizard hat.

CYBER (1)

Quick Reply (688867) | about 2 years ago | (#41848971)

Yes I'm sure that Network Security
Specialists enjoy anything related to the word
CYBER, it is like the New Wave era of
HACKING (not to be confused with
cracking)... or something like that

Sure, with some conditions... (1, Insightful)

pla (258480) | about 2 years ago | (#41848997)

How much does it pay,
How long until I qualify for a pension, and
Do I get to hack other countries for fun and profit without worrying about legal repercussions?

(Hey, the SCADA hacks on Iran sound like pure geek porn. Don't lie, you all wish you could have done that without fear of the MIBs showing up at your door to ship you off to Gitmo!)


Oh, and most important - I want a guarantee, in writing, notarized, and reviewed by my lawyer, that they won't ship me off to die in some foreign sandbox (no tech-pun intended) when they need sacrificial grunts for the next blood-for-oil charade.

Re:Sure, with some conditions... (1)

pchan- (118053) | about 2 years ago | (#41849237)

It does sound like fun and I would enjoy it given the right working conditions, though I imagine these are highly unlikely to be found in a military operation.

However, no lawyer can get you the guarantee you're looking for. If you are a male and a United States citizen, you'll remember having registered for Selective Service ("The Draft") before your 18th birthday. Under the right conditions any registered person can be called up for service, all it takes is an act of Congress.

This is my (-1)

Anonymous Coward | about 2 years ago | (#41849031)

post.

I'll work cheap... (3, Funny)

GodfatherofSoul (174979) | about 2 years ago | (#41849059)

...just hook me up with some of them Colombian hookers the Secret Service has been recruiting for their Randy Reserves.

Avengers rather than 'excitement' (1)

Lord_of_the_nerf (895604) | about 2 years ago | (#41849117)

It could be a hard sell, but if Samuel L. Jackson called, I'm sure people would join. Of course, Anonymous would have to kill the Phil Coulson of nerds first.

"There was an idea to bring together a group of remarkable people, so when we needed them, they could fight the battles that we never could... "

useless.......... (1)

wierd_w (1375923) | about 2 years ago | (#41849129)

This whole thing is useless, and counterintuitive.

Essentially, government is going "ZOMG! We have (t)error(ist)s causing problems in our networks causing mayhem and loss of our privileged informations!" And instead of going "hmm.. maybe we should audit our standards and practices, and actually hire people who know what they are doing...", they instead proclaim "we must create a new branch of the armed forces to be responsible for our existing and unwieldy information infrastructure! We'll call it 'cyber something-or-other'!"

This is 100% wrong.

The problem, --and the reason for all the security breaches--, is twofold.

1) we bend over backwards to perpetuate an inefficient intelligence and information handling infrastructure, with all kinds of protocols, and exceptions to rules that essentially (and are created precisely to) create "gyres" where information piles up, gets forgotten about, neglected, and buried. This allows people to hide information. Inject false information. For information to be lost when it could be essential. All kinds of problems. We do this because fixing the problem would expose people (and responsibility is bad, mkay), and would threaten established hegemonies.

2) the creation of this new organisation will only serve as a scapegoat for when things *will* go wrong because of #1. This will only create disgruntled IT people. If govt doesn't comprehend why that is bad, they deserve what they get.

3) the creation of a publicly exposed group causes anxiety in other countries, causing escalation of military backed network infiltrations and abuses of the global public commons that is the internet. It does not discourage this behavior.

Really, the whole idea is stupid.

What they should *really* be doing is improving the NSA to deal with offensive infiltrations (they are already good at it.), and completely restructure their data retention and data handling protocols in a fully comprehensive (with no sacred cows) manner, while hiring competent people to manage their infrastructure.

But that would fucking make sense.

Paranoid about the paranoia levels (0)

Anonymous Coward | about 2 years ago | (#41849143)

I am getting very paranoid about the excessive paranoia that pervades much of the so-called free world - particularly the USA. Is this merely a quest to discover a more profitable business model to supplant the arms and scanner technology (and debt) that seems to be the only exports the USA has these days?

Training (0)

Anonymous Coward | about 2 years ago | (#41849147)

All they have to do is say "we'll train you" and they'll have all the recruits they could ever want and then some.

Huh? Kamikaze PCs? (0)

Anonymous Coward | about 2 years ago | (#41849159)

Hell, got that with standard ad driven malware... Cyber Pearl Harbor? Huh!!! Just got done talking with my TSCC cleared father about nuke munitions being decommissioned, U/Pu reprocessed for use in nuke power plants after we went and pissed off the rest of the planet oil questing, pure friggin genius... Methinks we have larger issues on the horizon, but it is true, security in computing has been so long overlooked it does need attention in the form of education of the masses, but not as such to compare with 12/7/1941, we did have radar at that point, just didn't know how to use it...

New Perl Harbor: The Sequel (3, Funny)

Penurious Penguin (2687307) | about 2 years ago | (#41849183)

New Pearl Harbor is a melodramatic pre-imagining of the teenage attack on U.S. power-grids and the subsequent DooAlittleMoreThanNecessary Raid. While not directed by Michael Bay, fans of his in the CIA have collaborated with the makers of Innocence of Muslims and Rupert Murdoch in this captivating mind-wrenching sequel.

"When you see the part where Leonardo DiCaprio telnets into the Pentagon and sends drones to Moldova, you'll shit your pants!" -- Sock Puppet Reviews

"If you told me Justin Bieber could've played such a convincing hacker, I'd have laughed in your face" -- Hillary Clinton

"It brought tears to my eyes, and I was a POW." -- J. McCain

"Thank Yahweh for benzodiazepines! " -- Janet Napolitano (Eight-Time Mother of the Year Award Winner)

"You'll need your Mountain Dew for this one!" -- Anonymous

*Partially plagiarized from Wikipedia [wikipedia.org].

Military Intelligence (3, Interesting)

Anonymous Coward | about 2 years ago | (#41849201)

Didn't we all get into technology for the meetings, the red tape, the bureaucracy, the TPS reports, the PHBs (pointy-haired bosses)?

In no particular order, the Heroes at Homeland Security will clap the leg-irons onto all their tame geeks, will lock down every box, will firewall every internal network, will take away every admin priv, will assign a "handler" to every geek with veto authority on every mouse click. And then? Of course the token techies will be crucified for not being able to use their non-existent resources to defend Wal-Mart from the script kiddies

They're looking for scapegoats my friends, don't fall for it

NetForce (1)

DataKnight (797793) | about 2 years ago | (#41849221)

Do we get Scott Bakula as commander of NetForce?

the problem is, they don't want nerds. (1)

Anonymous Coward | about 2 years ago | (#41849235)

They want tame nerds who agree with the USA's current Luddite anti-technology crusade and will uphold things like plainly idiotic [ucla.edu] copyright monopoly law and endless censorship. They ain't gonna get the best and brightest until there's some regime change at the top.

I'm confused (1)

viperidaenz (2515578) | about 2 years ago | (#41849309)

How are the Japanese going to fly virtual planes into virtual harbors to cause real damage?

You touch my balls then ask for a favor? Hmmm (1)

Anonymous Coward | about 2 years ago | (#41849331)

We're in real trouble if the DHS is 'on top of' the cyber war response. These guys will probably electrocute 20 men each trying to give the same PC a handjob "for information leading to a terririst!!!!" ;]

The DHS represents all the things Americans most despise about our own country: The invasion of privacy, the waste, the abuse of power, the incredible frauds, the xenophobia, our quickening slide toward fascism. Who would want to be in any way associated with this agency?

Don't work for these people (0)

Anonymous Coward | about 2 years ago | (#41849339)

They're not interested in your best interests

Shouldn't it be called... (0)

Anonymous Coward | about 2 years ago | (#41849345)

The Federal Cyber Reserve? Oh no, that would imply it's not actually run by the government.

Not a chance in Hell ... (2)

Infernal Device (865066) | about 2 years ago | (#41849387)

The DHS is the worst idea to come out of Washington and that's a town that's pretty much only ever generated bad ideas. I'd rather be waterboarded than lift a finger to support that particular government agency.

Re:Not a chance in Hell ... (0)

Anonymous Coward | about 2 years ago | (#41849619)

You could join and sabotage them though.

It'll be like Pearl Harbor (1)

Swampash (1131503) | about 2 years ago | (#41849415)

...TIMES A THOUSAND.

Re:It'll be like Pearl Harbor (1)

Penurious Penguin (2687307) | about 2 years ago | (#41849581)

Easily! People don't understand. When plane-loads of infected USB-drives strike you at terminal velocity, it really sucks. Dude, even the discarded pizza crusts and soda cans can damage paint. But it's those Kamikaze anonymous bastards you've really got to look out for; they'll fly right into a power-plant just to insert a USB-drive manually before they die. Yeah, if we don't toss a few bombs around, uphold copyright and have a purge, we're gonna get it, bad. All you can really do without the government's help is wear clean underpants and a very thick hat, and don't open any unusual emails. I also recommend putting a crystal near your router to keep out the negative energy -- I've heard that bad guys don't like it because it reminds them of transparency.

Everybody Should Work For HLS (0)

Anonymous Coward | about 2 years ago | (#41849467)

That way we can secure the whole country. Makes sense huh?

Do you has? (2)

bunbuntheminilop (935594) | about 2 years ago | (#41849571)

All right maggot, fallout! Colonel Homestarrunner is recruiting the most elite team of crack commandos to invade Strongbadia. Do you has what it takes to join the Homestarmy? Will you bring a sack lunch and some orange slices for me and serve your country? WILL YOU STUPID!?

"Cyber Reserve" Really[?]! (0)

Anonymous Coward | about 2 years ago | (#41849575)

Well.

I can say for one that I do not want to be a "comfort woman" for the DHS or its minions which is more in line with their 'guiding' ethos and principles. :(

Private companies are the ones with poor security (1)

Joe_Dragon (2206452) | about 2 years ago | (#41849587)

Private companies are the ones with poor security and some has to do with cutbacks and other PHB driven stuff.

Like PHB buying stuff on the golf course without getting tech people there to do a look over.

Staff cutbacks that lead to people being overworked / not having the time to do security right.

Old hardware / software that forced them to use systems full of security holes.

Outsourcing / third-party techs that can have lots of turnover / overhead and people who don't know what's going on. There is this one BIG bank that uses them and they don't even get a company ID to use when they show up at the bank branch to do work. And their systems use USB ports as well.

Non-tech managers running IT does not help as well.

Never Gonna Happen (0)

Anonymous Coward | about 2 years ago | (#41849629)

Just like fixing the IRS or FBI computers, the people most qualified to do so, with the skills and experience needed, are the last people that want anything to do with it. This initiative will fail.

cyberwar, attribution and becoming a loose end. (0)

Anonymous Coward | about 2 years ago | (#41849667)

The problem with cyberwar attacks is that the developer always becomes a loose end in terms of attribution.

I write an exploit, and .mil use it to exploit some powerplant software and cause a nuclear meltdown,
(referred to as "kinetic impact") killing hundreds of thousands of innocent people.
I am now one of the few who can identify my country definitively as the aggressor.

Purely from a risk management perspective, it would be foolish not to kill me to keep me quiet.
So called Cyberwar is going to be risky business for the geeks, play by all means, just make sure you get life insurance and proper hazard pay.

 

Defense is Prevention (0)

Anonymous Coward | about 2 years ago | (#41849723)

You don't defend computers with a standing army. You defend them by not being an idiot and taking proper measures to protect your shit. That's never going to happen in the Corporate States of America.
