

N.S.A. Leaks Make Plan for Cyberdefense Unlikely - ghosh
http://www.nytimes.com/2013/08/13/us/nsa-leaks-make-plan-for-cyberdefense-unlikely.html?partner=rss&emc=rss&smid=tw-nytimesworld&

======
magic_haze
The arguments made for the plan (and NYT's reporting of it) seem
extraordinarily stupid. Nowhere in this article does anyone question the
initial premise of "monitor everything or nothing". What exactly is the need
to monitor the entire freaking internet for malware? Why can't they just
deploy their security, whatever that is, on high-value targets like, say, the
government networks, power plants etc? (I'll be generous and assume their
software is for protection against things like stuxnet... why would these
networks need to be connected to the internet in the first place?) The
argument of all-or-nothing seems like complete nonsense, to say the least.

> Senior agency officials concede that much of the technology needed to filter
> malicious software, known as malware, by searching incoming messages for
> signs of programs designed to steal data, or attack banks or energy firms,
> is strikingly similar to the technology the N.S.A. already uses for
> surveillance.

The mind boggles.

~~~
anologwintermut
The monitor everything or nothing thing is a false dichotomy. As is the
assumption that the NSA needs to be the ones doing it.

That said,critical infrastructure covers a hell of a lot more than that if
your trying to protect against targets in a full blown war. What happens if I
take out Visa or Mastercard's payment systems? Walmart's logistical planning
and inventory systems? The container management systems at major US ports?

------
jka
Have they been doing a good job at tracking down phishing and other attacks
from overseas thanks to all of their email monitoring? That would seem a close
analogy.

