Network Security

Director of National Cyber-Security Center Resigns

By Adrian Lane

A couple days ago I posted some thoughts on Data Security and the US Government, how I perceive the role of Cybersecurity, and what I suspected would be a difficult challenge as the Cybersecurity team was set up at cross-purposes with the intelligence community. Today the Wall Street Journal released an article on the resignation of National Cybersecurity Chief Rod Beckstrom. In a case of "even a blind squirrel occasionally finds a nut", my estimate of internal conflict appears to already be going on. In his resignation letter, Mr. Beckstrom stated that the "NSA currently dominates most national cyber efforts" and "The intelligence culture is very different than a network operations or security culture". The WSJ focuses on privacy and separation of power issues with additional comments from Mr. Beckstrom: "the threats to our democratic process ... if all top level network security and monitoring are handled by any one organization".

The resignation letter has a different feel and focus, pointing out that there was a general lack of support for the NCSC, and the specific ways Beckstrom feels his organizations was subjugated. If you have interest in this subject, you will want to read his resignation letter, as it contains more information. It also lists a couple methods by which the NSA can subtly (sneakily?) affect the effectiveness of Cybersecurity efforts that I did not mention in my post. Quite frankly I am surprised that the National Cybersecurity Center could somehow manage to only get 5 fully funded days of operation, but if true, this demonstrates the challenges faced by NCSC.

This could get ugly unless both sides understand that each organization can benefit the other, and realize the goals and agendas do not necessarily need to be at the expense of each other. Concessions have to be made, otherwise this is an expensive and ugly turf war and the entire security problem- which is quickly becoming a US government security problem- continues to fester.

–Adrian Lane

Get Rich Quick With Network Security

By Rich

Greg Young over at Gartner has a humorous post on possibly the best way to make money in network security- the "Security Silly Jar". Just drop in a quarter anytime someone says something stupid from the list. My favorite is number 9:

9. software can"t be secure. Could you please at least try.

If you don't know Greg, he's the lead for network security over at Gartner and someone definitely worth reading...

–Rich

Massive TCP Flaw Looming

By Rich

Yesterday, following up after recording the podcast on clickjacking, I was talking with Robert Hansen about the TCP flaw some contacts of his found over in Sweden. He wrote it up in his column on Dark Reading, and Dennis Fisher over at TechTarget also has some information up.

Basically, it's massive unpatched denial of service attack that can take down nearly anything that uses TCP, in some cases forcing remote systems to reboot or potentially causing local damage. Codified in a tool called "Sockstress", Robert E. Lee and Jack C. Louis seem to be having trouble getting the infrastructure vendors to pay attention. I can't but help think it's because they are with a smaller company in Sweden; had this fallen into the hands of one of the major US vendors/labs methinks the alarm bells would be ringing a tad louder.

From what Robert told me, supported by the articles, this tool allows an attacker to basically take down anything they want from nearly anywhere (like a home connection).

Robert and Jack are trying to report and disclose responsibly, and I sure as heck hope the vendors are listening. Now might be the time for you big end users to start asking them questions about this. It's hard to block an attack when it takes down your firewall, IPS, and the routers connecting everything.

One interesting tidbit- since this is in TCP, it also affects IPv6.

–Rich