The State Department’s New Cyber Reports Miss the Point Entirely

Amid a crisis in U.S. cyber policy, a pair of reports on deterrence and international engagement offer recycled ideas.

Source: The State Department’s New Cyber Reports Miss the Point Entirely

Advertisements

Customs Agent In Hot Water For Trying To Get Reporter’s Sources

Journalist Ali Watkins also had her records secretly seized by the Justice Department earlier this year.

CPB agent is Jeffery Rambo: Customs Agent In Hot Water For Trying To Get Reporter’s Sources

Wow! Quite that was fast promotion from 2011 though.

Virtualized Networking: A Case for CIOs

“The starting point of any system-wide modernization effort should be to virtualize both networks and servers.”

The author is, without a doubt, advocating virtualization as the Holy Grail of everything network and server.  While virtualization can provide many of features and benefits, it is not always a practical or desired solution. For one, virtualization is a trade-off which makes sense for certain configurations and loads. Other hardware based security, performance and features may not be possible, make sense to duplicate or virtualize. It also introduces more potential single points of failure, bottle neck and security risks.

“In the open source model, source code is made available to a worldwide community of developers to strengthen and improve capabilities, functionality and protections.  It helps to create standards to avoid vendor lock-in.  As an example, the Linux Foundation community is working to integrate cybersecurity protections into the design of the virtualized network itself, versus the “bolt-on” approaches of the past.”

Standards and lock-in. There are not standards and the reason there are no standards for virtualization is that it is not real, it is virtual, masquerading as something else with standards! Protocols are the standards and network security tools may become defacto add-ons but never standards. It may not even reduce lock-in. There are a handful of virtualization vendors compares to more hardware providers.

In short, don’t jump in based on vendor hype(r V): AT&T.

It is estimated that nearly 80 percent of federal information technology dollars are spent maintaining outdated systems. Meanwhile, two fundamental goals for any CIO are to drive system modernization and improve cybersecurity protections. Network Visualization is the way to do it.

Source: Virtualized Networking: A Case for CIOs

How Congress Can De-Escalate the Second Crypto War: Fund Research and Broker a Crypto Armistice

Policymakers could make progress on the problem of law-enforcement access to encrypted data with more research and a better relationship between the government and the tech community. Congress can help on both fronts.

Source: How Congress Can De-Escalate the Second Crypto War: Fund Research and Broker a Crypto Armistice

RIP Cyber Coordinator: An Obituary

A good explanation and context. The following characterization is not accurate though:

`National security and homeland security (including cyber) are not alike … national security is “strategic, centralized, top-driven; it’s about all of us,” while “homeland security is operational, decentralized, bottom-driven; it’s about each of us.” Moreover, in national security “there’s unity of command. In homeland security, it’s a unity of effort.”’

It is not an either/or, HS and Cyber have both strategic and tactical/operational aspects. Policy glues top long term strategic (not execution strategy) and tactical. While the position has leaned to either side of the spectrum in the past, the value is in having a high level champion and arbitrator who is focused on assuring the integrity and harmony of top strategy policies and operational policies, while acting with a win-win outlook to reduce agency friction, and not just a mechanical coordinator. This even makes more sense since, unlike HS, cyber cuts across every agency and domain in addition to the private sector (e.g. incident response.)

Rest in peace, Cyber Coordinator. The White House’s Special Assistant to the President and Cyber Coordinator has now been eliminated, apparently ending (or more likely pausing) a two-decade history. It will widely be reckoned as a hideous mistake but not perhaps the one which most needs our immediate attention.

Source: RIP Cyber Coordinator: An Obituary

At a Crossroads, Part II: No More Shadows: The Future of Intelligence Oversight in Congress – War on the Rocks

In the 2012 James Bond film Skyfall, M (Judi Dench) and Gareth Mallory (Ralph Fiennes) debate how to respond to a leak that has led to the assassination of several MI6 intelligence agents.

Source: At a Crossroads, Part II: No More Shadows: The Future of Intelligence Oversight in Congress – War on the Rocks

The White House’s cybersecurity tsar has been dethroned

The US National Security Council says the role is no longer needed. Rosenzweig was not convinced either. This is an example of why transparency and job description matter. While the function is critical, there are no explanations of what the coordinator, and the senior directors did or will do to ensure the functions are performed. 

NSC is hinting at Democrats’ tendency to created unnecessary positions and regulations conducive to obstructing, politiking and bloating the government (the Hamilton 70 reference) and that the senior directors do not need a coordinator. Is Bolton viewing Cyber policy a bottom-up decision (since it is now a Policy Coordination Committee function) while it obviously is not. It is a top-down matter of National Security implications and not agency consensus at give and take which is really what senior directors are good at (bureaucracy).

Which brings up the questions was this guy a Policy Tsar (champion) or a policy coordinator? If the latter, Bolton did not take anything away and if the former, who makes the policy to be coordinated?

Source: The White House’s cybersecurity tsar has been dethroned

Why Congressional Inquiries Trump Federal Investigations

It is not just about oversight in an administrative sense, but the fundamental checks and balances roles and responsibilities of each branch (keeping Jack Russell out for a moment).  Who keeps eyes on agencies with vast capabilities to exercise unfettered power and potential unconstitutional abuses justified through routine claims of discretion and additional internal rubber-stamping by the OLC, blocking any and all potential claims to be seen by anyone. Not that OLC is a routine rubber-stamp office, just saying 2 different law firms can reach 2 opposing conclusions on the same set of facts, the jury a 3rd conclusion and the judge the 4th. Agency and DOJ internal deliberations and opinions should be considered one sided and they are. They are not binding anyways.

When the Justice Department shared former FBI Director James Comey’s Trump-related memos with Congress, executive branch defenders were outraged. They’re wrong, and here’s why.

Source: Why Congressional Inquiries Trump Federal Investigations