This makes yet another year I didn’t make it to DEFCON, the longest-running hacker conference now in its 15th year. Which is unfortunate, because I really would have loved to have been at the opening speech at the Black Hat Briefings, held just prior to the main event this weekend, and at which the National Security Agency got up and asked the hacker community for help.
Tony Sager, chief of NSA’s Vulnerability Analysis and Operations Group, addressed the crowd Wednesday, saying that IT security and information assurance is now too big a problem for government to solve on its own.
As part of its information assurance mission, NSA participates in various computer security initiatives such as the Common Vulnerabilities and Exposures security vulnerability index and the Department of Homeland Security’s Security Content Automation Program. NSA also publishes security configuration guides for various operating systems such as Windows Vista and Mac OS X, as well as SELinux, a version of the Linux kernel with improved security.
“We’ve got to figure out how to solve this problem with solutions that scale across the entire community,” Sager said. That means his agency has to bring its information to the table and find common ground with the private and academic sectors. “‘We’re from the government and we’re here to help’ doesn’t work with this crowd.”
Although much of NSA’s work remains secret, Sager’s group is a reflection of the need to develop open and standardized security and research practices.
When he began working at NSA in 1977, “it was a dramatically different security problem,” he said. IT security was a government monopoly. “The government owned the problem” and could control the technology. “Those days are over.”
NSA has struggled with the change in culture. “But you have no choice but to be concerned about the security of commercial products” over which the government has no control, Sager said. “We changed the way we behaved” to gain the trust and cooperation of the security research community. — Government Computer News
I’m always amazed on those rare occasions when government actually admits that it can’t do something. Government can’t really do much of anything very well, though it hates to admit it. Anything government isn’t doing means less taxpayer money lining bureaucrats’ and contractors’ pockets, and what government isn’t doing gets done better.
I just wish I could have been there to see it myself. Unlike last year, I could easily have afforded to go, but I waited too long to get my travel plans in order. Oh well, there’s always next year.
(Hat tip: Fergie’s Tech Blog)
buck09
Aug 02, 2007
“Government can’t really do much of anything very well, though it hates to admit it.”
Since it sounds like you’re interested in information security, surely you agree that the NIST 800 series is one of those things that is done well, right?
phil
Aug 02, 2007
Wouldn’t it be nice if all of the government were so open and forthcoming with the nation? Perhaps then people would truly feel that they could help make a difference in this country. For now the pessimism persists, and I’m unsure of when our children will get past that – hopefully this “war” will end soon, that could be a start.
skeptic
Aug 03, 2007
NIST 800 reports? Yeah, just as high quality and depth like that NIST report on WTC….
buck09
Aug 03, 2007
skeptic – I’d love to hear a critique of one of the documents in the NIST CSRC 800 series. Is there any one of those reports in particular you take issue with? (Or was that just a random, uninformed remark?)
Michael Hampton
Aug 03, 2007
The NIST 800 series publications seem fine to me as far as the information provided. The problem is how much they cost.
buck09
Aug 03, 2007
How much they cost? I don’t understand. (Unless you’re referring to tax dollars..)
Me
Aug 20, 2007
My thoughts…
Security is an illusion ultimately. The NSA knows this. There is no homeland security, network security, personal security. It is not a quip; it is one of the few things that is true. NIST 800 series is just fine for what it is…a good attempt.
The government does a lot of things right but most government employees are 1- not personally affected by their actions and so you often get bad results or 2- stand to profit in some way by their actions and so you get more bad results. Powerful governments are very good at getting their way, whatever that may be. Why are you, buck09, so defensive of the government? Were you involved in the creation of the publications in some way?