If hackers can spy on you all then so should we – US Senator logic Following the cyber-attack during which dossiers on four million US government employees were stolen from Uncle Sam's servers, staggering out of the smoldering blast crater is Senator Richard Burr (R-NC). And he's not happy. In his soot-covered hand is a copy of the Cybersecurity Information Sharing Act (CISA), and this week, …
A few security types have just been cleared through the background checks. There are still several waiting on that process. The comments I picked up on were the long-standing nature of OPM's vulnerabilities (and not a clue on who has access or even what's on their network) and that they are just now getting the people on-board to fix it! Oh, as collateral hackage you can include the Department of the Interior and everyone one else using Interior's datacenter which network is compromised as well and no clue on what fuck-all is connected to it externally.
Oh yes, just a random observation, but the "Chinese" earlier hacked the people doing the background checks. I'd be a bit leery of how good the checks on the security people they're getting. SNAFU was invented for this.
Just be patient and wait for the Worst Generation (the Boomers who most Senators are including this tool) to retire and die. Until then its all about damage containment. Luckily the do nothing except spout rhetoric Congress is helping with that.
the Boomers essence instilled down to a single jpg:
https://i.imgur.com/XrN0akg.jpg
That won't do it. The entire electorate needs a brain re-boot. Otherwise, they'll just elect another just like him.
Many of these guys are holdovers from those of the so-called "Greatest Generation". They were promised much by Roosevelt and government so they would go fight the Nazi and Japanese. They want the dream they were promised and Congress, et al was elected on those promises. The promises continued and still do continue. You can say that once the Boomer die off all will be well... dream on. Each generation expects more and their will those who seek power who will promise "more".
Stop blaming the boomers. Gen X and Y have been able to vote for a few years now, yet old cronies keep getting elected. The worst ones at that!
Millennials are now larger than the boomers. Start voting or shut up.
BTW, a lot of boomers got just as screwed as everyone else. Try being poor after a lifetime of work through no fault of your own.
"Millennials are now larger than the boomers. Start voting or shut up."
But the millennials are too busy just keeping a roof over their heads. If they try to call out to vote, they probably won't have a job to go to the next day (yes, things can be that cutthroat, I've seen it personally, and they need to hold two jobs meaning every voting hour can be spoken for). The ones who HAVE the spare time to vote? More than likely easily influenced by the media and therefore "stupid" votes, which if you'll note greatly outnumber the "smart" votes.
Meanwhile, the seniors, historically the most active voters, are living on their retirements and have time to spare.
Wrong on so many levels.
Most seniors are also just barely able to keep roofs over their heads. Being fired for voting is against the law. If they don't stand up for that then they need to STFU and stop blaming anyone else.
Not that boomers are not to blame to some extent as well. They bought into Gorden Gecko greed is good in the 1980s and Rush Limbaugh hate radio back in the 1990s. Why? Because they didn't believe that the GOP was selling us out to foreign companies so they had to blame something else.
The hippies, war protestors and civil right marchers (both black and white) back in 1960s were fighting against the same problems. Many went to jail. Many lost their jobs. That's how it is when you go up against institutional corruption. Hey, I can relate, I'm seeing more and more places trying to stiff people out of overtime and lunches and sick days and vacations and they can do this BECAUSE PEOPLE LET THEM!!.
So if Gen X and Y aren't willing to stand up just to that, then they're screwed and the longer they wait, the more we're going to become just another large banana republic from the 19th century.
"Most seniors are also just barely able to keep roofs over their heads. Being fired for voting is against the law. If they don't stand up for that then they need to STFU and stop blaming anyone else."
At least they have protections set up decades ago like Medicare and Social Security. The young don't even have THAT to back up on. As for being fired for voting, two words: AT WILL. Try proving your firing was for voting and not for incompetence, insubordination, or (thanks to at will) purely at the employer's discretion.
"The hippies, war protestors and civil right marchers (both black and white) back in 1960s were fighting against the same problems. Many went to jail. Many lost their jobs."
But the barriers were MUCH lower then. There were much fewer people. They could find new jobs or start their own businesses and so on. Plus there was a war on, so they could go to 'Nam and earn a new reputation. Today, with knowledge of you everywhere, two words: GOOD LUCK.
"So if Gen X and Y aren't willing to stand up just to that, then they're screwed and the longer they wait, the more we're going to become just another large banana republic from the 19th century."
Well, if THEY'RE screwed, then WE'RE ALL screwed because they're gonna take everyone else with us.
PS. EVERYTHING I've described I've seen...FIRSTHAND...in multiple places.
>Most seniors are also just barely able to keep roofs over their heads.
Sadly it is probably more about the %1ers regardless of which generation. The poor get screwed in every generation and the main thing the attitude of the generation affects is how many will be poor in following generations.
>Gen X and Y have been able to vote for a few years
I have been voting since I turned 18 with the exception of one or two midterms in the 90s. Though the youth do need to turn out a lot more its hard to motivate them when usually the choice is two nearly identical Boomer in all but rhetoric (Obama loves him some Patriot Act, trade pacts and bankers). Also sadly it seems the only Gen Xs candidates so far to show up in important national/senate races have been right wing country club douche bags but early days (plus daddy always gets them in first). The US electoral system may have been the best in the late 18th century but its a dismal failure for a developed country today.
Not that any of this fluff means anything to the perps that have the tools and want to use them. And every nation-state worth its weight in PR is already engaged in sniffing each others (and our) underwear.
Perhaps that will be the demise of all of this - an incredible positive feedback loop of spychatter feeding spychatter. Will we hear a ghostly scream as they all have their earphones turned into microwaves?
He hasn't a clue. So rather than mandate the government updating it's servers and systems and doing a little "defense" work, he sees that more spying is needed. What a twit. I think Wyden has it pegged.
Is there any place on this earth not ruled/governed/owned by twits with no brains? Or are they all run by the power mad no-brainer?
They do. In fact, it's already in effect in both houses. But two problems here.
First, removing riders (pork) removes a traditional bargaining chip for smaller, more vocal Congresspeople. Their constituents don't like the act as it is and don't want their Congressperson to approve unless there's something in it for them; riders act like grease to get the necessary votes to pass an act (it was riders, for example, that allowed the Civil Rights Act to pass). Trying to raise these projects on their own will usually result in them getting killed by the committees, meaning they have no chance of passing on their own, so it's a case of united they pass, divided they die. Because there's so much of the latter these days due to the rules, very little can get done in Congress, resulting in abysmal approval ratings but little in the way of possible solutions. It's all in all a very sad picture for humanity as a whole that the best solution to the "Do-Nothing" Congress is also the one seen as the most corrupting.
Second, this provision is germane to the bill in question, which concerns security.
You've managed to use a break-in on government servers as an sweet-sounding, almost-believable reason to allow the government to spy on the populace at large. Sweet. Chip, chip, chip away at the laws that protect the people from the government, err, I mean the laws that prevent the government from protecting the people. Why would anyone ever have written such laws anyway? Didn't those old people with their funny wigs realize we urgently need to be protected from "bad people"? I mean, sure, maybe 200+ years ago the "bad people" were the folks who were governing, but not nowadays, right? No, we, the people, trust that you guys whom we elected and sent to Washington are straight-up doing the bestest, most honorablest job you can at making sure you continue to run the country just like the Founding Fathers planned. They just never planned for Internets or terrists or nukiller bombs, since they had never seen such things, so you have to tweak things a bit, maybe pervert an ideal or two, to keep the laws updated to the latest fads.
You should run for President, Mr. Burr. Or perhaps Emperor. I'm sure you would win.
The people with the wealth who have invested in their politicians are seriously top-of-the-list targets to the terrorists. They can't abide this and until they wrap everyone on the planet who might be a threat in 365/24/7 surveillance everywhere, they won't be happy. Feeling scared is something they thought long past, that's why they have bodyguards. However, these terrorists target whole buildings and if they get their hands on chemical weapons, biologicals, or radioactive material for just a dirty bomb, how the hell do you defend yourself from it. Bodyguards don't work. Get the State to do the work, that's why you "invested" wasn't it? Favorable treatment from the State.
Almost forgot. Hackers! They're a direct threat to their wealth, period. They can strike from anywhere there's a way to connect to the internet. Worse, they now know how to attack air-gapped computers. And that's not counting the threat from nation-state groups who are far more adept. They'll steal the basis for that wealth any which they can. Almost one-stop-shopping if the target is big enough. Ask Sony.
This is going to happen, one way or another. Just as in the UK, the rest of the EU for that matter, every possible source of even the most improbable threat must be detected, suppressed, or attacked before the event. Which explains a lot about the methods used by our FBI in setting up terrorist cells only to arrest them prior to acts which they may not have even been willing to execute. Prevention.
No tinfoil hat needed. Just a bit of putting myself in their shoes (mentally) and trying to find anything that might reassure those who have the wealth. So far, batting 100%
"This is going to happen, one way or another. Just as in the UK, the rest of the EU for that matter, every possible source of even the most improbable threat must be detected, suppressed, or attacked before the event."
So if they're so paranoid, why don't they liquidate all their wealth and retire to some little mountain in the middle of nowhere and cut off from the rest of society so no one can find them?
The CISA legislation was written to allow technology companies to share information about their customers with the Feds for the purposes of national security and online threats, in exchange for partial legal immunity from citizens upset about this data handover.
I'm not american but I see that as a way round the 4th amendment which from where I'm sitting in the UK doesn't exist anymore, which is a bit sad really as it's a very well thought out piece to keep governments in check.
Pass a law to compel companies to share information with NSA by way of DHS because your OPM database which contains information people have shared with you is getting hacked.
I think we need high order logic to understand this concept
-- This is your personal data
Data d
-- This is your personal data with CISA
APT30(FSB(NSA (DHS ( OPM d))))
tasked with building, securing, and maintaining the personnel records database(s), the obvious solution is a bill that would require MORE people's comms records to be shifted hither and yon because, well, we gotta do Something and computers is confusing. I get that elected officials have an unwritten mandate to grab limelight whenever possible for later monetizing during campaign season; one wonders whose dollars the good Senator will be chasing next election.
I think that we are living in a peace and democratic world, all of us are free and can do what we like as long as we are legal. But now I feel some anxiety. I used to use spy software name Aobo Filter to block some bad and porn URLs to my little son to protect him. But now if we are being monitored by someone, it is so terrible. We need to take some actions towards this.
Who the hell are these idiots who leave government data so open that hackers can get in ?
Surely they could have the same security across the whole government server network......
Why would you have systems that are really hard if not near impossible to break through as I would assume the Pentagon / NSA / CIA have and not use the same everywhere ?
You want to stop the bad guys looking at your data ? atsrt with the best defences possible and then encrypt everything you can.
It appears that almost nobody who felt a compulsion to comment on this took the trouble to read the summary, let alone the full text, of Senator Burr's bill, which appears to have two basic purposes. The first requires the federal government to share knowledge with other governments and the private sector about computer security threats and contains explicit requirements to remove personal and personally identifying information from the shared material (with an exception). The second is to allow(but not compel) other government and private entities to share such information with the federal government for specific purposes related to ensuring and improving computer security. It does not appear to allow monitoring or surveillance that is not probably legal now under contract law, although it makes it explicit and allows businesses to collaborate to a degree on information security without risking antitrust action, and offers protection for proprietary information in the form of exemption from Freedom of Information Act release. It also allows government use of the information for specified law enforcement and other purposes, including, one supposes, by the FBI and NSA to identify and attempt to interdict ongoing threats.
The bill has some vagueness and parts might be improved, including at least the following.
- clarification of the "person not directly related to a cybersecurity threat" whose identifying and other information is not required to be removed from data the Federal Government shares;
- an explicit requirement that personal and person identifying information be removed by those submitting threat information to the Federal Government; as the bill stands, this is left for the Attorney General to define in required guidelines;
- potential use of the collected threat information to inform development and implementation of information system regulations, better left out of this bill and put into any later legislation aimed at information security regulation;
- the bill incorporates part of a document "National Strategy for Trusted Identities in Cyberspace" that the President issued in 2011 that I thought a bit troublesome then and probably still would.
Senator Wyden and others no doubt will address these and other areas with amendments.
This bill probably should be severed from the National Defense Authorization Act. Its subject is important enough, and it has enough potential and actual problems that it would be better considered separately. In addition, the governments and private entities have plenty of other information assurance work to do before lack of threat information sharing becomes a significant impediment. It is not, however, the product of a seriously deranged would-be tyrant, as some might have it.
-
Tom,
I think the point is, that while this bill might be worthwhile in the long view it still needs work. More importantly, it won't solve the reasons that this intrusion worked. The basic security of the government's systems needs to be addressed and this bill won't do it.
I can all the information on every one in town, but if someone wants to break into my house, I think I should spend some time and money on locks and basic security. That's where the failure is in this case.
on security issues, but if DiFi is against it, there must be some good. She is, after all, the poster-child for "If the Police do it, it's not illegal".
OTOH, The Enemy of my Enemy is _not_ necessarily my friend.
I'm still getting very weary of "Burglary rate rising. Police recommend shift to cardboard doors"
I'm still getting very weary of "Burglary rate rising. Police recommend shift to cardboard doors"
But unless you're willing to fill in all your windows and replace your door frame with reinforced steel and then some, you'll find that it's almost depressingly easy for a determined burglar to break into your house. IOW, locks as they are are a false sense of security since a determined burglar can smash the window with a sledge or kick the door hard enough to splinter the frame (both virtually zero-cost actions), at which point you're pretty much up crap creek. At least with the cardboard door it's easy to replace after the fact and bears little difference to the remaining carnage.
"We can no longer simply watch Americans' personal information continue to be compromised."
"Instead, we must gather even more of it in ill-protected centralised government repositories, in order to make it easier for my Chinese paymasters next time" he added, before finishing "Whoops! Did I say that or just think it?"
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
