15 July 2011

CyBER-BlackSEC--EPIC v. NSA; VC/JCS v. DepSECDEF--OS


VS/2; US/1; ATTN: US/12; JAG/1; HST/2; JAG/5
EPIC v. NSA: Agency Can "Neither Confirm Nor Deny" Google Ties

A federal judge has issued an opinion in EPIC v. NSA, and accepted the NSA's claim that it can "neither confirm nor deny" that it had entered into a relationship with Google following the China hacking incident in January 2010. EPIC had sought documents under the FOIA because such an agreement could reveal that the NSA is developing technical standards that would enable greater surveillance of Internet users.

The "Glomar response," to neither confirm nor deny, is a controversial legal doctrine that allows agencies to conceal the existence of records that might otherwise be subject to public disclosure. EPIC plans to appeal this decision. EPIC is also litigating to obtain the National Security Presidential Directive that sets out the NSA's cyber security authority. And EPIC is seeking from the NSA information about Internet vulnerability assessments, the Director's classified views on how the NSA's practices impact Internet privacy, and the NSA's "Perfect Citizen" program. 

Tags: Google NSA NSPD54 Privacy
- OPEN SOURCE
-------------------------------------------------------|
CBS News Exclusive on US Cyber-WAR Center:





U.S. cyber approach ‘too predictable’ for one top general

By Ellen Nakashima, Published: July 14, 2011

The nation’s second-ranking military official said Thursday that the U.S. approach to protecting its computer systems was “too predictable” and failed to penalize attackers, comments that preceded the release of a Pentagon cyber strategy that emphasized defense over retaliation.

“We’re on a path that is too predictable, way too predictable,” Gen. James Cartwright, vice chairman of the Joint Chiefs of Staff, told defense reporters Thursday. “It’s purely defensive. There is no penalty for attacking us now. We have to figure out a way to change that.” 

Hours later, Deputy Defense Secretary William J. Lynn III presented a strategy whose thrust, he said, is defensive and focused on “denying the benefit of an attack.”

To illustrate the growing threat, Lynn disclosed that in March, the Defense Department discovered that a foreign intelligence service had hacked into a defense contractor’s system and stolen 24,000 computer files related to a weapons system under development, one of the largest known cyberattacks targeting the U.S. military.

Lynn did not name the contractor or the government behind the intrusion but said the Pentagon was reviewing whether the weapons system needed to be redesigned.

The Defense Department’s newly unveiled strategy relies on deploying sensors, software and special signatures, or lines of code, that detect and stop intrusions before they affect operations.

“If an attack will not have its intended effect, those who wish us harm will have less reason to target us through cyberspace in the first place,” Lynn said.

Defining an act of CyBER-WAR, VC/JCS Gen. James Cartwright said during a recent press conference on the subject: “it’s in the eye of the beholder.”

Cartwright, in his remarks to defense reporters, suggested that stronger deterrents would be needed. “We are supposed to be offshore convincing people if they attack, it won’t be free,” he said, adding that adversaries should know that the United States has “the capability and capacity to do something about it.”

Cartwright, who appeared with Lynn at a news conference after the strategy rollout, described the cyber plan as a first step. “This starts us down the path of building out both our defenses and our awareness skills,” he said. Eventually, he added, more aggressive cyber tactics, as well as legal and diplomatic measures, would be needed to “raise the price” of attacking. 

Over the past year, President Obama had asked Cartwright several times whether he would be willing to become chairman of the Joint Chiefs of Staff, The Washington Post reported in May, but Obama later turned to another candidate. Cartwright is leaving office this summer.

Stewart A. Baker, a former National Security Agency general counsel, in a blog post likened the Pentagon’s new cyber plan to a nuclear deterrent strategy of building more fallout shelters. “This is at best a partial strategy,” he wrote. “The plan as described fails to engage on the hard issues, such as offense and attribution and, well, winning.”

Rep. Jim Langevin (D-R.I.), co-founder of the Congressional Cybersecurity Caucus, said that the plan was a good start but that key areas were missing. “What are acceptable red lines for actions in cyberspace? . . . Does data theft or disruption rise to the level of warfare, or do we have to see a physical event, such as an attack on our power grid, before we respond militarily?”

Lynn said that the United States has not yet been hit by an act of cyber war and that there was deterrent value in remaining ambiguous about what would constitute one. But ultimately, he said, it is the president and Congress that would decide that the human or economic damage is severe enough to consider a cyber event an act of war. He said the Pentagon would take the lead only if, in the “judgment of the leadership of the country, it required a military response.”

Cartwright, at the news conference, said the disabling of computerized patient records at a hospital such that the patients cannot be treated would be a violation of the law of armed conflict. “Then you have proportional responses” that can be undertaken, he said, without specifying which or by whom.

But when it comes to an act of war, he said, “it’s in the eye of the beholder.”

Staff writer Jason Ukman contributed to this report.
© The Washington Post Company


The Devil's Advocate?

In 1991, [the late former Secretary of State Lawrence 'Just call me George'] Eagleburger explained to The Post why all of his sons were named Lawrence.

“First of all, it was ego,” he said. “And secondly, I wanted to screw up the Social Security system.”