[Infowarrior] - DHS chief contemplating proactive cyber attacks

[Richard Forno]

(c/o PF, and I echo is "WTF" comment to me. --rick)

Homeland Security chief contemplating proactive cyber attacks

By Steve Johnson

sjohnson at mercurynews.com

Posted:   04/16/2012 07:35:38 PM PDT
Updated:   04/16/2012 09:08:36 PM PDT

http://www.mercurynews.com/rss/ci_20410915

Homeland Security Secretary Janet Napolitano said Monday she would consider having tech companies participate with the government in "proactive" efforts to combat hackers based in foreign countries.

Napolitano, who made the comments during a meeting at the San Jose Mercury News with the editorial board and reporters, declined to say what steps corporations and federal agencies might take against foreign cybercrooks, who have been blamed for numerous computerized incursions against the United States. She made the remarks in response to a question, and emphasized the idea is merely one she would consider and that no decisions have been made.

In discussing the private partnerships she is promoting to combat cyberattacks, Napolitano was asked if instead of just taking defensive measures, the government and companies should be launching proactive counterattacks against foreign-based culprits. "Should there be some aspect that is in a way proactive instead of reactive?" she responded, and then answered her own question with "yes." She added, "it is not something that we haven't been thinking about," noting someone else had raised the subject with her earlier Monday.

However, Napolitano said some restrictions might have to be placed on businesses participating in such cyber activities because "what you are doing is authorizing a private entity to do what might otherwise be construed as an attack on another entity."

Coming from one of

the Obama administration's top national security officials, Napolitano's comments alarmed some cybersecurity specialists and civil libertarians, who said having companies participate in such activities could have grave consequences.
Melissa Hathaway, a former top federal cybersecurity official with the National Security Council and the Office of the Director of National Intelligence who now has a consulting firm, said she was surprised at Napolitano's comments and was unaware of any businesses that had participated in proactive cyberattacks.

"The private sector is not allowed to perform what is an inherently government activity" without a law permitting such activity, Hathaway said. An electronic pre-emptive strike against a foreign cyber adversary "could be interpreted as an act of war or armed aggression" depending on who is targeted, she added.

Napolitano's comments also troubled Dan Auerbach, staff technologist with the Electronic Frontier Foundation, a nonprofit group that lobbies to protect the privacy and civil liberties of people using the Internet.

"We all support having an environment where these cyber threats can't happen," he said. But he fears some proactive efforts -- such as shutting down a computer network that crooks have infiltrated -- might harm others who legitimately use the same network.

"When I hear proactive effort, it makes me cringe a little bit because it makes me wonder what the mechanism is going to be," Auerbach said.

Claiming many cyberattacks on targets in this country have been launched from China, experts say those and others have cost U.S. corporations billions of dollars and victimized many federal agencies. In July, then-Deputy Defense Secretary William Lynn revealed that "foreign intruders" have taken "terabytes of data" from defense companies, ranging from specifications for parts of tanks, airplanes and submarines to "our most sensitive systems."

As a result, federal officials have been actively recruiting business and other experts in the Bay Area to help defend the nation against the threat. Before visiting the Mercury News, Napolitano spent the morning at San Jose State appealing for assistance from businesses, students and others in the private sector.

Participants discussed "vulnerabilities" in the nation's computer infrastructure, said Napolitano, who described the sessions as "very productive." One idea proposed by the university's president, Mohammad Qayoumi, was to create a Center of Academic Excellence at the school focused on cybersecurity. It would work in conjunction with federal agencies, which have set up such centers around the country to conduct research on national security subjects.

"The idea would be to take a multidisciplinary approach to the issue, drawing from all of our colleges and many departments," including engineering, science, business, justice studies, political science and education, said San Jose State spokeswoman Pat Lopes Harris.

On a separate matter, Napolitano took issue with an article this weekend in The Wall Street Journal by Kip Hawley, former head of the Transportation Security Administration, a branch of Napolitano's agency that Hawley disparaged  for having "bred contempt" among the public.

"More than a decade after 9/11, it is a national embarrassment that our airport security system remains so hopelessly bureaucratic and disconnected from the people whom it is meant to protect," Hawley wrote.

In response, Napolitano said her agency has made a number of improvements in the way the TSA operates and plans more. But she added that minimizing passenger problems while bolstering security wasn't easy because "we're dealing with the largest, most complex aviation system in the world."


---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.