It would be fascinating for American citizens to be attacked (cyber or otherwise) because they work for the federal government and another branch of that government messed up and allowed this database to be breached?
I'd imagine that every major US bank, healthcare provider and government department have been breached at some point by unauthorized person or persons. It's almost impossible for this not to be the case to my mind.
This seems sort of speculative to me - at least too speculative to base (important) policy on.
The way the US government would be likely to handle this situation is that they would recognize the threat and mandate that no such single database be created or that one be separated were it to exist. I don't know that they would change their mind about backdooring products and services when they can mitigate the scenario and address concerns a much easier way.
If this is implemented, it's going to be fun the day that someone from the government gets hacked and compromised via the very same security weaknesses they ordered.
Why is everyone so shocked? Has anyone ever talked to a friend that works for the Federal govt.? They are well known to be completely incompetent when it comes to technology. Even the DoD, which gets billions of dollars for cyber defense, often doesn't do things right.
How can you expect the Fed. Govt. to handle things competently when some of the best paid private contractors F' things up too. Security is hard.
What IS a bit surprising is not the fact that they were hacked, but that they actually found out they were hacked. From what I understand, the Fed. Govt. has lost even more important data (like designs for weapon systems), and not even realized it till like years later when the technology shows up in foreign weapons.
You think the government of Burma, for example could successfully attack an append-only public database product hosted and managed by another country where a large number of interested parites are acting as auditors?
An attack directed at your own govt is potentially a nightmare for the average individual. If the wrong information is stolen it could be used much farther down the road. Your govt may find itself at a disadvantage at a critical moment.
I'm a sense it's only not a nightmare if you aren't paying attention.
My point is the NSA and foreign counterparts do a disservice to their citizens. I would see the value in publishing vulnerabilities, I don’t see value for taxpayers in what they are doing now.
The United States government has spent and will continue to spend untold millions understanding these threats and studying the situation and techniques. In addition they are targeted by both more numerous and more advanced attacks than any group in the private sector by far.
Without a doubt no organization in the world knows as much about cybersecurity as the United States government, and up until now all of that knowledge has been held from the private sector behind many layers of classification. Don't you feel that it could be beneficial for the public to have a path for the two groups to work together?
I wonder what would happen in the event of a person working for a foreign government (diplomat, etc on assignment) being forced to log in to their govt laptop and access confidential info.
I'm a former fed...If what I'm hearing is true and they got access to SF86 data on EVERYONE then we are all screwed. Just from that alone the attackers would be able to build a huge map of all sorts of programs that the government has not acknowledged.
This is why I always laugh at NSA or FBI proposing ideas such as this because they need this to defend the country against "cyber threats". If anything a centralized solution like this where NSA has access to a lot of private companies's data would only make national security weaker and the country more vulnerable to attacks because of such single points of failure.
That solves ransomware, which is bottom of the barrel in the hacker world. The reason talk about this is so much about _defense_ lately is because if people as untalented as ransomware operators can make it into US corporate and government infrastructure, imagine how deep in state-employed hackers must be. In the past decade US government infrastructure has been deeply penetrated multiple times, with catastrophic consequences.
reply