US/1
Growing State Surveillance: National Security Agency Whistleblower William Binney (April 20, 2012)
--------------------------------------------------------------------------------------------------------|
BlackNET MemberJames Bamford: Inside the NSA's Largest Secret Domestic Spy Center (at the bottom of this center column)
--------------------------------------------------------------------------------------------------------|
-CyBER-BlackSEC- LIMITED DISSEMINATION
BKNT--OSSI Open Source Industry Day co-hosted by the National Security Agency!
Thank you for registering for the OSSI Open Source Industry Day co-hosted by the National Security Agency!
There are only about 100 seats remaining. If your partners, associates and coworkers are interested in attending please recommend they register immediately. http://thebridge.oss-institute.org/index.php/calendar/opensourceindustryday
We are quickly running out of exhibitor tables. If your company would like an exhibit table, please register now. http://thebridge.oss-institute.org/index.php/calendar/opensourceindustryday
If you have purchased a table, please bring the following with you for exhibit.
All tables are expected to be ready to receive traffic by 0730 on May 30th. Doors will open at 0630 for exhibitors, 0730 for attendees. The continental breakfast will be served in the exhibit area to encourage interaction with attendees.
Information regarding transportation, directions and accommodations can be found here http://thebridge.oss-institute.org/index.php/component/content/article/14-events/37-industry-day-directions-transportation-and-nearby-hotels
Are you an OSSI Sponsor? If not there is still time before this event. http://www.oss-institute.org/index.php/lbgmembership-informationlbg-mainmenu-41
There is a WiFi signal in the building available for use. Bandwidth will be limited. If you are using the available WiFi please be considerate of others and turn off your WiFi feature when not in use. Your help will lighten the load and potentially make a difference to some who have WiFi only access.
As a registered attendee you will receive a conference package prior to the event. Please print, download, copy or photograph anything you need for that day. As a consideration for the environment there will be no printed schedules or programs. OSSI will have posters with information throughout the conference area.
-CyBER-BlackSEC- LIMITED DISSEMINATIONUS/1; ATTN: OSINT, AD-Crew; HST/1 & 2; SCI/2; US/12; CID/2; US/5; US/30; YQ/G-1
BKNT--OSSI Open Source Industry Day co-hosted by the National Security Agency!
Thank you for registering for the OSSI Open Source Industry Day co-hosted by the National Security Agency!
There are only about 100 seats remaining. If your partners, associates and coworkers are interested in attending please recommend they register immediately. http://thebridge.oss-institute.org/index.php/calendar/opensourceindustryday
We are quickly running out of exhibitor tables. If your company would like an exhibit table, please register now. http://thebridge.oss-institute.org/index.php/calendar/opensourceindustryday
If you have purchased a table, please bring the following with you for exhibit.
- Tablecloth - Your exhibit table is bare. Please bring a cover.
- Extension Cord - Electricity is available. 12 Ft of cord should be sufficient.
- Power Strip - If you need it, bring it.
- Free standing graphics - Attaching graphics to walls is prohibited.
Please let us know if you are interested in setting up on the afternoon of the 29th. We have limited access to the facility prior to 5/30.
All tables are expected to be ready to receive traffic by 0730 on May 30th. Doors will open at 0630 for exhibitors, 0730 for attendees. The continental breakfast will be served in the exhibit area to encourage interaction with attendees.
Information regarding transportation, directions and accommodations can be found here http://thebridge.oss-institute.org/index.php/component/content/article/14-events/37-industry-day-directions-transportation-and-nearby-hotels
Are you an OSSI Sponsor? If not there is still time before this event. http://www.oss-institute.org/index.php/lbgmembership-informationlbg-mainmenu-41
There is a WiFi signal in the building available for use. Bandwidth will be limited. If you are using the available WiFi please be considerate of others and turn off your WiFi feature when not in use. Your help will lighten the load and potentially make a difference to some who have WiFi only access.
As a registered attendee you will receive a conference package prior to the event. Please print, download, copy or photograph anything you need for that day. As a consideration for the environment there will be no printed schedules or programs. OSSI will have posters with information throughout the conference area.
[Information contained in BKNT E-mail is considered Attorney-Client and Attorney Work Product privileged, copyrighted and confidential. Views that may be expressed are those of the author(s) and do not necessarily reflect those of any government, agency, or news organization.]
FISA Applications for Covert Surveillance Increased in 2011
By: Anthony Kimery05/04/2012 ( 9:16am)
Coinciding with an increase in federal investigations of terrorists, espionage and other threats on United States soil that fall under the authority of the Foreign Intelligence Surveillance Act (FISA) and require that applications for covert surveillance be submitted and approved by the secret Foreign Intelligence Surveillance Court (FISC), in fiscal year 2011, the government submitted 1,745 applications to FISC.
All applications were for foreign intelligence purposes pursuant to FISA to conduct covert electronic surveillance and/or physical searches, to gain access to certain business records (“including the production of tangible things”). They also included requests made by the FBI pursuant to national security letter authorities.
“The 1,745 applications include applications made solely for electronic surveillance, applications made solely for physical search, and combined applications requesting authority for electronic surveillance and physical search,” Assistant Attorney General Ronald Weich informed Congress through Vice President Joe Biden in the required annual report on FISA surveillance applications by the government.
“Of these, 1,676 applications included requests for authority to conduct electronic surveillance,” Weich said. “Of these 1,676 applications, two were withdrawn by the government. The FISC did not deny any applications in whole, or in part. The FISC made modifications to the proposed orders in 30 applications. Thus, the FISC approved collection activity in a total of 1,674 of the applications that included requests for authority to conduct electronic surveillance.”
The government submitted 1,579 FISA applications in fiscal year 2010, including 1,511 for electronic surveillance.
Government counterterrorism intelligence officials told Homeland Security Today on condition of anonymity that part of the increase in FISA surveillance applications “came about directly from” investigations of thwarted domestic and foreign terrorist plots against the United States in FY 2010 and FY 2011, as well as in response to materials seized in relation to the raid on Osama Bin Laden’s compound in Pakistan and the resulting investigations.
“The new report says that the government filed 205 applications for business records for foreign intelligence purposes last year, compared to 96 in the previous year,” and that “the number of ‘national security letters’ (a type of administrative subpoena) declined last year,” noted Steven Aftergood, director of the Federation of American Scientists' (FAS) Project on Government Secrecy in his FAS blog, Secrecy News.
“In 2011, the FBI requested 16,511 national security letters pertaining to 7,201 US persons, compared to the 2010 total of 24,287 letter requests concerning 14,212 US persons,” Aftergood added.
“As is usually the case, the FIS Court did not deny any electronic surveillance applications in whole or in part last year, though it made modifications to 30 of them,” Aftergood said.
[Information contained in BKNT E-mail is considered Attorney-Client and Attorney Work Product privileged, copyrighted and confidential. Views that may be expressed are those of the author(s) and do not necessarily reflect those of any government, agency, or news organization.]
------------------------------------------------------------------------------------------------|UK Protests...continue:
-------------------------------------------------------------------------------|
CyBER-BlackSEC- OPEN SOURCE
HSToday.us; US/1; ATTN: [REDACTED, ET.AL.]
NSA Director Elaborates On DHS Minimum Cybersecurity Standards
By: Mickey McCarter
05/09/2012 ( 9:00am)
The director of the National Security Agency (NSA) recently wrote to Sen. John McCain (R-Ariz.) to defend comprehensive cybersecurity legislation, such as that championed by Sens. Joseph Lieberman (I-Conn.) and Susan Collins (R-Maine).
On March 27, Army Gen. Keith Alexander, NSA director and chief of US Cyber Command (CYBERCOM), told a hearing of the Senate Armed Services Committee that he believes the Department of Homeland Security (DHS) should oversee the hardening of the cybersecurity of US critical infrastructure. McCain attacked such reasoning as placing too much control of national cybersecurity in the hands of an inexperienced DHS bureaucracy and as promulgating regulations that would be burdensome to business.
Two days later, McCain wrote to Alexander to ask him to clarify his views on his support of the Cybersecurity Act (S. 2105), the bill sponsored by Lieberman, Collins and others. Alexander defended a significant role for both DHS and NSA in national cybersecurity last week in his response, a copy of which was obtained by Homeland Security Today.
In his letter, Alexander said congressional legislation should bolster information sharing and critical infrastructure hardening.
"If the Department of Defense (DoD) is to defense the nation against cyberattacks originating from outside the United States, it must be able to see those attacks in real time. This requires legislation that, at a minimum, removes existing barriers and disincentives that inhibit the owners of the critical infrastructure from sharing cyber threat indicators with the government," Alexander wrote.
"Additionally, given DoD reliance on certain core critical infrastructure to execute its mission, as well as the importance of the nation's critical infrastructure to our national and economic security overall, legislation is also needed to ensure that infrastructure is sufficiently hardened and resilient," he added.
Businesses currently lack incentives generally to upgrade their cybersecurity defenses to the level required to successfully defend them, the general argued. Setting some minimum security requirements would ensure that owners and operators of core critical infrastructure take measures to harden their networks and thereby discourage adversaries from attacking those networks.
"At the same time, it is important that legislative requirements not be too burdensome," Alexander acknowledged.
In the March 27 hearing and in other forums, McCain contended that the NSA has more cybersecurity expertise and experience, and thus strengthening its cybersecurity capabilities would be more sensible than building up the cybersecurity capabilities of an ineffective DHS.
But Alexander disagreed, saying in his letter that DHS, NSA and the FBI have distinctive and unique roles in national cybersecurity.
"No single public or private entity has all of the required authorities, resources and capabilities; cybersecurity requires a team," Alexander wrote.
The distribution of cybersecurity responsibilities across DHS, FBI and NSA complement one another, forming such a team effort, he said. DHS works to secure unclassified federal civilian networks, to increase the capability of core critical infrastructure and to bolster national resilience. In the event of a significant cyberattack, DHS would coordinate the federal response, Alexander said.
Meanwhile, the FBI investigates, prevents and responds to cyberattacks with its criminal and intelligence authorities as the lead agency for domestic cyberthreat intelligence and attribution as well as law enforcement and domestic counterintelligence. The FBI feeds DHS information to strengthen cybersecurity preparation and protection measures.
The private sector shares information with DHS and the FBI currently, but that information sharing is limited, which weakens the efforts of those agencies to secure cyberspace, Alexander said.
"With respect to both the DHS and FBI roles, the limited, voluntary information sharing by the private sector inhibits the government's ability to protect domestic cyberspace, which is why it must be a key element of any cyberlegislation as I mentioned earlier. It would also greatly benefit DoD, which assists DHS and the FBI with intelligence support in their respective roles," he wrote.
NSA and CYBERCOM must work to defend national assets from foreign cyberthreats. They collect intelligence, attribute attacks, provide guidance for strengthening US national security, and distribute intelligence to DHS, Alexander said.
While DoD relies upon core critical infrastructure to carry out its missions, DoD can work with DHS to secure that infrastructure, with DHS taking the lead on standards for civilian systems, he continued, stressing that doing so would not interfere with DoD reliance on "power, transportation, telecommunications and the Defense Industrial Base (DIB)."
"Pursuant to the administration's proposals, DHS would, in consultation with the private sector and in coordination with DoD and other sector-specific agencies, be responsible for setting cybersecurity requirements and ensuring they achieve a baseline level of security," Alexander wrote. "DoD would share the responsibility to protect the DIB with DHS, support DHS efforts to protect other critical infrastructure and defend the nation in the event of a cyberattack on the critical infrastructure. FBI would be responsible for conducting investigations of intrusion activity in those critical infrastructure networks inside the United States."
DHS cannot protect core critical infrastructure without the assistance of NSA and the FBI, but it is wholly appropriate that it lead core critical infrastructure protection efforts for the private sector, the general emphasized.
McCain expressed concerns that technological innovations could outpace the ability of DHS, or even NSA, to keep up with national cybersecurity defenses.
But Alexander said proposals championed by the White House and envisioned by the Cybersecurity Act would not specify particular technologies and thus ensure maximum flexibility.
"The proposed security requirements in the administration's proposal would not dictate specific measures that may become outdated but rather would require critical infrastructure to achieve security results using methods of their choice," Alexander wrote.
He added, "We expect this approach will actually result in greater innovation, as companies look to the commercial market to produce security products and services that satisfy these requirements. Additionally, it is important to note that the administrations' proposal leverages, rather than duplicates, existing regulatory processes, allows for exemption of certain core infrastructure for which sector-specific regulatory agencies have sufficient requirements and enforcement mechanisms, and explicitly excludes regulation of technology products and services."
Follow me on Twitter at www.twitter.com/mickeymccarter
On March 27, Army Gen. Keith Alexander, NSA director and chief of US Cyber Command (CYBERCOM), told a hearing of the Senate Armed Services Committee that he believes the Department of Homeland Security (DHS) should oversee the hardening of the cybersecurity of US critical infrastructure. McCain attacked such reasoning as placing too much control of national cybersecurity in the hands of an inexperienced DHS bureaucracy and as promulgating regulations that would be burdensome to business.
Two days later, McCain wrote to Alexander to ask him to clarify his views on his support of the Cybersecurity Act (S. 2105), the bill sponsored by Lieberman, Collins and others. Alexander defended a significant role for both DHS and NSA in national cybersecurity last week in his response, a copy of which was obtained by Homeland Security Today.
In his letter, Alexander said congressional legislation should bolster information sharing and critical infrastructure hardening.
"If the Department of Defense (DoD) is to defense the nation against cyberattacks originating from outside the United States, it must be able to see those attacks in real time. This requires legislation that, at a minimum, removes existing barriers and disincentives that inhibit the owners of the critical infrastructure from sharing cyber threat indicators with the government," Alexander wrote.
"Additionally, given DoD reliance on certain core critical infrastructure to execute its mission, as well as the importance of the nation's critical infrastructure to our national and economic security overall, legislation is also needed to ensure that infrastructure is sufficiently hardened and resilient," he added.
Businesses currently lack incentives generally to upgrade their cybersecurity defenses to the level required to successfully defend them, the general argued. Setting some minimum security requirements would ensure that owners and operators of core critical infrastructure take measures to harden their networks and thereby discourage adversaries from attacking those networks.
"At the same time, it is important that legislative requirements not be too burdensome," Alexander acknowledged.
In the March 27 hearing and in other forums, McCain contended that the NSA has more cybersecurity expertise and experience, and thus strengthening its cybersecurity capabilities would be more sensible than building up the cybersecurity capabilities of an ineffective DHS.
But Alexander disagreed, saying in his letter that DHS, NSA and the FBI have distinctive and unique roles in national cybersecurity.
"No single public or private entity has all of the required authorities, resources and capabilities; cybersecurity requires a team," Alexander wrote.
The distribution of cybersecurity responsibilities across DHS, FBI and NSA complement one another, forming such a team effort, he said. DHS works to secure unclassified federal civilian networks, to increase the capability of core critical infrastructure and to bolster national resilience. In the event of a significant cyberattack, DHS would coordinate the federal response, Alexander said.
Meanwhile, the FBI investigates, prevents and responds to cyberattacks with its criminal and intelligence authorities as the lead agency for domestic cyberthreat intelligence and attribution as well as law enforcement and domestic counterintelligence. The FBI feeds DHS information to strengthen cybersecurity preparation and protection measures.
The private sector shares information with DHS and the FBI currently, but that information sharing is limited, which weakens the efforts of those agencies to secure cyberspace, Alexander said.
"With respect to both the DHS and FBI roles, the limited, voluntary information sharing by the private sector inhibits the government's ability to protect domestic cyberspace, which is why it must be a key element of any cyberlegislation as I mentioned earlier. It would also greatly benefit DoD, which assists DHS and the FBI with intelligence support in their respective roles," he wrote.
NSA and CYBERCOM must work to defend national assets from foreign cyberthreats. They collect intelligence, attribute attacks, provide guidance for strengthening US national security, and distribute intelligence to DHS, Alexander said.
While DoD relies upon core critical infrastructure to carry out its missions, DoD can work with DHS to secure that infrastructure, with DHS taking the lead on standards for civilian systems, he continued, stressing that doing so would not interfere with DoD reliance on "power, transportation, telecommunications and the Defense Industrial Base (DIB)."
"Pursuant to the administration's proposals, DHS would, in consultation with the private sector and in coordination with DoD and other sector-specific agencies, be responsible for setting cybersecurity requirements and ensuring they achieve a baseline level of security," Alexander wrote. "DoD would share the responsibility to protect the DIB with DHS, support DHS efforts to protect other critical infrastructure and defend the nation in the event of a cyberattack on the critical infrastructure. FBI would be responsible for conducting investigations of intrusion activity in those critical infrastructure networks inside the United States."
DHS cannot protect core critical infrastructure without the assistance of NSA and the FBI, but it is wholly appropriate that it lead core critical infrastructure protection efforts for the private sector, the general emphasized.
McCain expressed concerns that technological innovations could outpace the ability of DHS, or even NSA, to keep up with national cybersecurity defenses.
But Alexander said proposals championed by the White House and envisioned by the Cybersecurity Act would not specify particular technologies and thus ensure maximum flexibility.
"The proposed security requirements in the administration's proposal would not dictate specific measures that may become outdated but rather would require critical infrastructure to achieve security results using methods of their choice," Alexander wrote.
He added, "We expect this approach will actually result in greater innovation, as companies look to the commercial market to produce security products and services that satisfy these requirements. Additionally, it is important to note that the administrations' proposal leverages, rather than duplicates, existing regulatory processes, allows for exemption of certain core infrastructure for which sector-specific regulatory agencies have sufficient requirements and enforcement mechanisms, and explicitly excludes regulation of technology products and services."
Follow me on Twitter at www.twitter.com/mickeymccarter
[Information contained in BKNT E-mail is considered Attorney-Client and Attorney Work Product privileged, copyrighted and confidential. Views that may be expressed are those of the author(s) and do not necessarily reflect those of any government, agency, or news organization.]
No comments:
Post a Comment