(note, people ought to: 1) think about this on their own making up
their own minds, 2) understand that the press has some very weird
ideas, 3) take some better protections on their own, for their own
also, I'm not judging the OP nor the reporter nor the ideas espoused
in the article/clips...
Somebody needs to give them a clue-by-four. The private sector
people keep trying, sometimes it's helped. sometimes reporters need to
already has the "Internet address where an email ... originated";
it's not just email they care about (you knew that I think)
it's already in the Received lines. We don't need to be informed
about it, we already inform each other about it.
one interesting idea, that has proven out some merit over the years is
the ability to share 'incident' data across entry points (say across
companies, or gov'ts even) about 'bad things' that are happening.
Take the case of 'spam came in from this end system to my mailserver',
if I tell you that (or some central system which you can query)
you'll learn that maybe the inbound connection to you is also
And it's already delivered "at network speed."
the article sort of reads like the above scenario though... maybe it's
NOT that, maybe it's something else entirely... it SEEMS that the
gov't wants to help. They may be able to, they may just foul things
up. The reporter certainly didn't leave enough details in place to
It is my understanding the Dept of Homeland Security already
cooperates in sharing government intrusion information. We certainly
don't need a "U.S. spy agency" MITM to "protect the private sector."
you may mean? could be... the wikipedias are sometimes wrong, or so
says the teacher of my 7yr old.
Moreover, the US is the source of most spam and malware, so the NSA
isn't really going to be much help. And the US is the source of the
but hosts in the US that are botted/spamming, also spam/bot other
things outside the US, right? so really who cares where the src is,
get some data collection points up and use that data to inform your
security policy, no? (sure, you'll have to have some smarts, and some
smart people, and be cautious... but you'd do that anyway, right? )
These folks have some awesome tech for that sort of data collection
it's a shame that their parent company can't find a way to monetize
that sort of thing. (the article there talks about some older version
of the system, which is still alive/well today doing fraud detection
and was doing some IDS/anomaly-detection-like work as well for ip
only known cyber attacks on other countries' infrastructure, so it's
not likely much help there, either. Unless they expect retaliation?
U.S. spy agencies say won't read Americans' email for cybersecurity
By Tabassum Zakaria and David Alexander
WASHINGTON (Reuters) - The head of the U.S. spy agency that eavesdrops on
electronic communications overseas sought on Monday to reassure Americans
that the National Security Agency would not read their personal email if
a new cybersecurity law was enacted to allow private companies to share
information with the government.
But to help protect the private sector, he said it was important that the
intelligence agency be able to inform them about the type of malicious
translated: "Hey, what if we could tell our private sector partners
(Lockheed-Martin, for instance) that they should be on the lookout for
things like X, or traffic destined to Y, or people sending all their
DNS queries to these 5 netblocks." (dcwg.org sorta crap)
that doesn't sound 'bad', it sounds like there is a gap in the
business world to wrap all this data up and sell access to it... but
the gov't can jump in with their mountains of data from their
'einstein' or whatever and go to town protecting their 'partners' who
have often close interactions with the gov't, right?
software and other cyber intrusions it is seeing and hear from companies
about what they see breaching the protective measures on their computer
adding to the above: "What if we had an API such that you could feed
your collected alarm/alert/badness data to us as well? and we could
feed that back into our system, protect ourselves AND send it back out
to the other partners?"
again, that's not that bad, really it sounds pretty cool... only if
MCI could have found a way to productize and monetize that... which we
built for them too but I digress.
"It doesn't require the government to read their mail or your mail to do
that. It requires them, the Internet service provider or that company, to
tell us that that type of event is going on at this time. And it has to be
alexander is loose with his pronouns, which makes this worse... in
reality: "send your alarm data to our system, hurrah!", PROBABLY this
could include large ISP people if the pricing (or regulatory world)
were right, these folks COULD of course limit that to 'business isp
traffic only', maybe.
this sounds a little less on the ball though, so I'll blame bad
reporter-translation, and hope that Alexander really meant: "Our
partners in the industry, who help supply us and build our widgets for
us, would be enabled to send data into our API..."
He said the information the government was seeking was the Internet
address where an email containing malicious software originated and
where it traveled to, not the content of the email.
I'm sure this was simply an example... and the reporter jumped on it
like a carnivore, poor job reporter!
But the U.S. government is also concerned about the possibility of a cyber
attack from adversaries on critical infrastructure such as the power grid or
yes, put in the boogie-man! also, keep in mind that CI things are ...
in a horrid state, and as it turns out the folk running it are