Tuesday, February 10, 2015

New agency to sniff out threats in cyberspace

Maybe it shouldn't bother me as much as it does... oh hell, yes it should.

This piece ran, above the fold, front page, column one in the Washington Post this morning. It was the first headline that I read as I had my morning coffee and poached eggs before heading out to the second day of my conference.  

According to the Washington Post:

"The Obama administration is establishing a new agency to combat the deepening threat from cyberattacks, and its mission will be to fuse intelligence from around the government when a crisis occurs.

The agency is modeled after the National Counterterrorism Center, which was launched in the wake of the Sept. 11, 2001, attacks amid criticism that the government failed to share intelligence that could have unraveled the al-Qaeda plot." 

Here's the deal...  The government is preparing to build yet another cyber fusion center --a group that can reach across the stovepipes and pull together the story in time of cyber crisis. This, on the heals of hacks into Sony —because movies are important right? 

So another $35 mil spend to stand up a new 50 person team just bothers the hell out of me. Why? Well, first, $35 mil in DC is what they call budget dust. It’s not a lot of money inside the beltway (of course, it is to the rest of us!).. But the idea that it's ANOTHER $35 mil spent on top of the others in the space --NSA, DHS, FBI, DoD, US Cyber Command --all have or are cyber organizations in our government, and the last time I checked, DHS had the mission for coordinating across the stovepipes. So my thinking? Why are we spending another $35 mil (and this is only the first year folks), to built another cyber organization instead of forcing the existing agencies to do their job? 

So, who's losing cyber budget to stand up the new team? Call me. I'd be happy to offer up a few recommendations.

(Source: http://www.washingtonpost.com/world/national-security/white-house-to-create-national-center-to-counter-cyberspace-intrusions/2015/02/09/a312201e-afd0-11e4-827f-93f454140e2b_story.html?hpid=z5)

Monday, February 09, 2015

The Absence of Basic OPSEC

I'm in DC through Wednesday for a conference. I drove down from the tundra that is New
Hampshire, arriving late last night. The conference doesn't start until 9:00 this morning so I thought I'd relax a bit and have breakfast before I walk up.

So I'm assigned a table in my favorite place in DC. It's a coat and tie kind of place where there are no cell phones allowed in the main dining room. As I skim the Washington Post (which is surprisingly light these days!), I can't help but overhear a man's voice --from nearly clear across the room. There are at least a dozen tables occupied, although admittedly, most are either singles or still in their caffeinated silence. And this one guy, probably 70ish, white hair, fit, is sitting with two much younger women... one a nice looking late 30's blonde; the other about the same age, and still attractive, slightly heavier and a brunette... the brains at the table who never stopped writing... and the man who I believe had to be able to breath through his ears because I didn't see gills and his mouth never stopped moving.

In this city, where the highest per capita ratio of human intelligence operators perform diligently, reporting everything heard back to their handlers, this white haired retired (I believe) senior (again, an assumption), talked about Navy plans for future undersea warfare, nuclear options being developed, and close-in warfare. He talked about presenting at the "National War College"(at the National Defense University on Ft. McNair). And while I believe this man works for a local think tank, the simple absence of OPSEC of in this hotel dining room, where so many other ears could overhear this man who seemingly misses the attention of being a decision-maker on active duty, working like hell to either task, or impress with his deep understanding of Navy issues, these two obviously younger women, well, it really p*ssed me off.

At the same time, I thought to myself "Is this what we've become?" OPSEC is an afterthought to impressing women over a fancy hotel breakfast, or that capitalism is more important that national security, or that the ego, lacking in validation simply needs to be stroked --and that stroking can be forced by pushing opinions and deep thought over breakfast while young women hang on every word.

So yes, this is what we've become. The internet is a place where all three of these things exist. OPSEC has become an extinct after-thought, like the Zanzibar Leopard and the Black Rhino, these once powerful animals have gone by the wayside. Where OPSEC, Tempest, CMS, and guarded radio rooms and swift and strict punishments were imposed on those who broke the rules, it seems that the bar has been reset and speaking openly, regardless of the consequences, online or in public have become the new norm.

And this white haired old man, well, he should know better.

That's enough of my rant for this morning. I haven't blogged in a while and it was starting to build a head of steam that just needed to escape.

Now, I'm off to my Intelligence conference.

Have a great day!