Fwd: [ISN] Pentagon Wants to Secure Dot-Com Domains of Contractors

[Paul Ferguson <fergdawgster () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FYI,

- - ferg


- ---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>
Date: Sun, Aug 15, 2010 at 11:51 PM
Subject: [ISN] Pentagon Wants to Secure Dot-Com Domains of Contractors
To: isn () infosecnews org


http://www.theatlantic.com/politics/archive/2010/08/nsa-might-monitor-dotco
m-domains-for-defense-contractors/61456/

By Marc Ambinder
The Atlantic
Aug 13 2010

To better secure unclassified information stored in the computer
networks of government contractors, the Defense Department is asking
whether the National Security Agency should begin to monitor select
corporate dot.com domains, several officials and consultants briefed on
the matter said.

Under the proposal, which is being informally circulated throughout the
department and the Department of Homeland Security, the NSA could set up
equipment to look for patterns of suspicious traffic at the internet
service providers that the companies' networks run through. The agency
would immediately notify the Pentagon and the companies if pernicious
behavior were detected. The Agency would not directly monitor the
content of the data streams, only its meta-data. (A Pentagon
spokesperson called later to clarify that it would not be legal for the
NSA to "monitor" private networks; rather, "DoD and NSA are seeking to
provide technical advice, expertise and information to the defense
industrial base.")

The proposal originated in the Office of the Secretary of Defense.
Because of the sensitivity associated with NSA internet surveillance and
capabilities, the fact of the exploratory tasker, as it is known in
Pentagon parlance, and details associated with it are being closely
held.

The new program would apply to the companies that make up the Defense
Industrial Base (DIB)  and only to the parts of those companies that
indigenously store and use sensitive information. As the Department
reconfigures its network defenses and the internal structure of its
information operation, it continues to deal with a large number of
aggressive hacker attacks and data penetrations.  Classified information
is not supposed to be stored on any dot.mil subdomain that is accessible
to outside computer networks.

[...]


- --
Visit InfoSec News!
http://www.infosecnews.org/



-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFMaXipq1pz9mNUZTMRAlMmAKCu+OIc3CymiLSAYv++r03ShVRv4gCgxtCJ
suka+AXErJ5v+0wcKfIbUTw=
=32/p
-----END PGP SIGNATURE-----


-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.