USA safe Cyber target
More of our INTEL
The US Government has an obligation to protect
The US Government has an obligation to protect
American citizens, and they take that very seriously.
911 and 10 years the US Military are still after the
perps, still at war over the attack.
But this paradigm to protect Americans has
broken down on the WWW.
US servers and web sites are fair game for
attacks, and the US Government provides
NO protection, none, abject failure of the
Governments primary function to protect
Americans.
There has been alot of talk about having
to have a Government presents on the
Civilian servers in order to protect them.
And its just not true. We don't need a
cop in our home to get protection against
intruders.
Nor do we need a Government program on
our PCs to get some protection against
cyber intrusions or perps.
The Government has a system set up
to report cyber crime, and its a complaint
warehouse. They just collect stats.
What would a US Police force on the US
WWW look like, how would it work.
It would have to be run by a cyber savvy
leader with Balls, not a timid bureaucrat.
One can monitor web sites performance
and up and down times from an external
source, no intrusion into the PC.
Just a measure of % of up and down
sites, DDos attacks will provide a
base metric.
They would not be looking to block
intrusions or harden any security.
They would be looking to provide
some deterrence.
They would be building the capability
to spot an attack in real time,
and then intervene and track perps
with real time penetration,
and take out the attacking perp.
Burn up his PC, plant rootkits,
erase his hard drive, and do
very nasty things to him.
Identify his real persona, real
world ID, and track and abuse him
in real world and the WWW.
Back tracking and penetrating
in real time would allow a complete
and accurate ID of the perp.
If there is an attack in the real world,
the police do not wait to intervene
until they ID the perp, they counter
attack and take the perp down.
This to can be done on the WWW.
The concept is to develop some
deterrence, kick the hell out
of some of the perps, mess them
up, screw with them for months.
You don't need evidence to intervene
in an attack. You do need evidence
to prosecute.
And we are making a definitive difference
between the two.
During the attack its ok to 'shoot',
to drive them away, stop the attack.
There is the capability to penetrate
PCs real time during an attack.
Some of the attacks go on for
hours.
The Government should consider
developing a force to do just that.
Penetrate the attackers through VPNs
and proxys trace the attack to the source.
I'm not saying it would be easy, but
Google demonstrated the principle
during the attacks on their network.
It can be done.
The Paradigm now is America is an
easy rich target environment, and
virtually no down side risk to attack.
You can beat on their firewalls with
impunity, they are not going to come
out side the firewalls and come after
you.
US needs to end this paradigm,
and stop being a target for wana
bees and a safe training ground for
hackers.
NO one is afraid to attack US .mil
or .gov sites, why would they be.
Prosecution? very low risk, to
much effort to collect evidence,
to much time to prosecute, to distant
for trial, trouble with treatys.
That is not the case for self defense.
They attack, you counter attack,
attach some heavy cyber consequence
to an attack on American.
Cyber bloody some noses,
and publish the attack, the real
names, no prosecution,
PUNISH THE ATTACKERS,
IN REAL TIME.
The potential is there, its
been demonstrated.
Its do-able.
Enough with the victim whining
paradigm, time to move to the
new Sheriff in town operation.
Kick some perp ass,
get a reputation for offense.
Not just a target mentality.
Gerald
War Anthropologist
.
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home