Home » Cyber Security Center » Everyone Knows More than the Person Responsible for Cyber Security

Everyone Knows More than the Person Responsible for Cyber Security

By Kevin Coleman
Defense Tech Cyber Warfare Correspondent

Why is it that people without security clearances and no insight into the many classified cyber attacks discredit information derived from these incidents because the sources and some data cannot be disclosed? Some immediately jump to conspiracy theories and claim these incidents are made up for one reason or another in support of someone’s agenda.

For example, recently I read a report that was said to “debunk” a report of a specific cyber incident. The debunkers claimed the incident didn’t happen. Yet, I was personally involved in the incident at a classified level and experienced it first hand so I know it took place.

Another individual actually thought they knew more about a national cyber security issue than Mike McConnell, a former Vice-Admiral in the U.S. Navy, former Director of the National Security Agency, as well as being the Director of National Intelligence. It’s one thing to disagree with analysis or statements by Admiral McConnell, but to think they know more is quite different!

If that is not bad enough, some totally discounted Richard Clarke’s stark warning of an “electronic Pearl Harbor,” the United States must recognize that a full-scale cyber attack could cause death and destruction across the country within 15 minutes of launch, we must act quickly.” They called much of Clark’s public cyber security statements “sensational sound-bytes,” and went so far as to claim this was just the Government trying to take over the Internet.

Equally concerning is a growing tendency to be just as dismissive of reports by private security companies. They have become easy targets given they do have a vested interest and may benefit from increased security concerns. There are things that happen that are above my clearance level that I do not have access to, but that does not cause me to throw out or disregard the entire case.

Have we as a nation lost trust in our officials who are given the responsibility to protect our country from the growing list of enemies? It sure seems as if that is where we are given the dismissive nature that has been exhibited lately. Is it any wonder why Dennis Blair, the Director of National Intelligence resigned last week?

Who would want a role where you are constantly being second-guessed and criticized from the cheap seats. A very smart individual once told me: There are those that know, those that don’t know that they don’t know and those that think they know. Those who think they know are by far the most dangerous.

{ 29 comments… read them below or add one }

lasik May 26, 2010 at 2:23 pm

"Those who think they know are by far the most dangerous."

I think you just perfectly described Obama.

Reply

Brandon May 26, 2010 at 3:26 pm
anonymouser May 26, 2010 at 4:08 pm

Put up or shut up. You have more information? Fine. Keep it to yourself if it's classified secret or above. If it's not, just say what you know. This "I have a security clearance so I'm right and you're wrong" attitude doesn't go very far in establishing your (or anyone else's) credibility.

Reply

Mike May 26, 2010 at 4:44 pm

He was talking about people like you.

There are many cases where revealing info would cause more harm than good. He's just making the point that often these gov officials make decisions using info that others can't get at, and thus have a fuller picture. They reveal what they safely can. After they do that, it's the people without the security clearance and not involved in the incident say that the gov officials did it all wrong based on the unclassified info. They don't have the complete picture (like yourself).

I don't think his attitude came across as arrogant or smug or holier-than-thou. I thought he just stated his observations.

Reply

anonymouser May 26, 2010 at 5:01 pm

He wasn't talking about me and my ilk, no. I never asked for more info, I just contended that the lesser is said about stuff that you can't actually disclose, the better. This article is made up solely of unsubstantiated claims. As such, it shouldn't have been written.

As for me not having the complete picture: no-one does have it. I happen to work in the relevant industry, so I probably know just a wee bit more than most, but that doesn't make me run around complaining that the general public just doesn't get it (which they don't) or that they're generally ungrateful towards and paranoid about the intentions of the people trying to protect them (which they are).

I am a firm believer in the possibility of a "digital Pearl Harbor", btw. Let's just say that what passes for security in most deployed commercial SCADA systems is laughable at best, especially for the newer kind.

Reply

Mike May 26, 2010 at 5:58 pm

OK, thanks for the clarification. I'll agree with what you said there. This struck me as more of an opinion piece and I took it as such (as you said there isn't much substance).
Though the line about less being said about what you can't disclose being better, I'll agree. But stuff needs to be said about what can be disclosed - a more informed public is generally a good thing. Perhaps it would be an incentive for people to properly protect their computer and not be careless about digital information - when they see it as a national security issue and not just a personal issue (esp. in the case of botnets).

Reply

Kevin May 26, 2010 at 10:51 pm

Mike you were right on your first post. Some people can't be happy if others know more then they do! I hate to break it to "anonymouser" but that will always be the case.

Brian May 26, 2010 at 12:21 pm

Don’t get crushed under the weight of that cross.

Reply

yoko May 26, 2010 at 6:04 pm

The internet is full of armchair experts on everything.

On the other hand, claims like Clarke's "15 minutes" are attempts at sensationalism to then justify doing unpopular stuff. People are getting more and more wary of these tricks, especially after Tony Blair's "45 minutes", Bush's exaggerated claims of Saddam's WMDs, etc.

Reply

nraddin May 26, 2010 at 9:21 pm

Yes we have lost faith in those responsible with protecting us from our many enemies. We also watch as rights, freedoms and privacy is eroded by those same people and wonder if there talk of needing more security is just an excuse for more intrusion.

Having said that, there are things to worry about as far as security is concerned. I am not sure if it could be nearly as catastrophic as suggested, but coordinated with conventional attacks could be very disruptive that's for sure.

Reply

Kevin May 26, 2010 at 10:49 pm

Nraddin

YOU GOT IT RIGHT. You articulated the theme behind this posting. If we can't trust those who are responsible for protecting our nation, where are we? It is not about someone knowing more that another person, it is about not openly trusting them but giving them the benefit of the doubt.

Reply

Mister Reiner May 27, 2010 at 7:33 am

There are a lot of things that people don't know about when it comes to computer security and hacking, because they don't work in the field or have not experienced certain things themselves. As a result, they have a tendency of not believing what certain people say or claim has happened or is possible. When it comes to hacking, whatever you think is improbable is most likely possible. And if anyone thinks their systems are 100% secure, they are kidding themselves.

When you have government officials who contradict each other, say something that shows how under informed they are or how they just don't understand the problem - it undermines the credibility of all government officials, even if what some officials say is 100% true. The same goes for the DoD.

Reply

Oblat May 27, 2010 at 3:31 pm

Kevin loves McConnell because McConnell is busy funneling DoD money to his employer Booz Allen Hamilton. And Kevin would so dearly like to feed from that trough. But if all McConnell can do is scam 30 million from the Dod what hope is there for Kevin, an outsider without any expertise or contacts ?

The cyberscam pie is shrinking, and the real players arn't letting the fly by nights in on it.

Reply

PTSFP May 28, 2010 at 1:45 am

Really? Gee, Israel sees Cyber War as a real threat. It is so important to them that they have included a simulated cyber attack into a massive civil defense drill that they are running this week: http://cyberarms.wordpress.com/2010/05/27/cyber-a…

Kevin is right, Those in the know, especially Israel, is taking this as a very real threat and dealing with it accordingly. Maybe we could take some pointers from Israel.

Reply

Mike May 28, 2010 at 4:14 am

Israel as been at this for some time, a quick search on this site will show that.

Reply

D. Dieterle May 28, 2010 at 10:26 am

Okay, but my point still stands. Why, if our allies are taking this very seriously, do half of our own leaders not? Our own Cyber Czar thinks there is no Cyber War, even though many other credible leaders have said the opposite. Then their is the overwhelming evidence, but why let that get in the way?

Reply

Ptsfp May 28, 2010 at 2:43 pm

I kinda see this like the emperor’s new clothes. For the most part the government seems to be listening to the uninformed security “experts” that say we are fine, and there is no cyberwar. It doesn’t help either that the White House Cyber Czar has bought into this.

Israel, a nation that is very realistic about threats is taking this very seriously. Mike McConnell, former director of National Security Agency is taking this very seriously. This is not rocket science. Attend a Defcon or Blackhat security seminar and ask people there how secure our systems are.

When politicians drag their feet on something like this that is painfully obvious, it does discredit them. But then again, they are politicians, why let overwhelming evidence get in the way?

Reply

Mike May 28, 2010 at 3:20 pm

Related news http://www.defense.gov/home/features/2010/0410_cy…

Wired reports here http://www.wired.com/dangerroom/2010/05/cyber-com…

They even use a picture I've seen here…

Reply

Technolytics May 28, 2010 at 11:36 am

Add this to your thinking about this posting.

Hill Wants Access to Secret SIPRNet

http://whatsbrewin.nextgov.com/2010/05/hill_wants…

Reply

Ptsfp May 28, 2010 at 5:35 pm

That is insane! You gotta read that small print… lol…

Reply

Technolytics May 28, 2010 at 7:08 pm

This is really a sad state of affairs when it comes to our Congressional Leadership pulling something like this!

Reply

max1mos111 May 29, 2010 at 4:12 am

Just stopped by to wish all you a happy Memorial Day!

Max

Reply

max1mos111 May 29, 2010 at 4:16 am

We just came back from a BBQ. We cooked a lot of steak, dogs, and chicken.

Max

Reply

SugsDream June 1, 2010 at 9:59 am

I like the end of this thread, celebrating Memorial Day versus armchair conversations… and since this is a open forum & not an "interior operations/classified group of workers", by default it falls into armchair status :) p.s. I work in records mgmt/cyber security, so please don't "go there" with me, as I said, celebrate Memorial Day :)

Reply

Paul June 1, 2010 at 11:21 am

I am a retired G.I and I want to remind everone that people who want to get information can guess and make assumptions and when they question those who are cleared for and know much classified they are trying to confirm those assumptions and guesses. Much misinformation is generated to keep this from happening too much. If it is classified, it is best left alone.

Reply

Bill June 1, 2010 at 1:18 pm

"Have we as a nation lost trust in our officials who are given the responsibility to protect our country from the growing list of enemies?"

I hate to say it, but, as a nation, in short, yes. I won't venture into why, I'm only commenting based on the attitudes I see from day to day amongst my friends and co-workers.

Reply

urold-dad June 1, 2010 at 5:43 pm

Could it be Bill that the very fact that the murder of JFK was never solved have
anything to do with the situation. Ruby killed the only person who could have
really blown the lid off of this crime. It all started in 1926 -1930. TRUST IS A TWO
WAY STREET!

Reply

Aaron June 1, 2010 at 1:50 pm

I'm not saying that Mike McConnell has or hasn't extensive knowledge in Cyber Security, but I do want to point out that he is an administrator. So in order to prove the point, you should be relying on comparisons to experts in the field. Its the same situation at a hospital, the head of the hospital usually isn't the best doctor. In both cases, they lead organizations and make strategic decision from a high level, but have most likely been too far removed from the actual "grunt" work.

Reply

Guest June 1, 2010 at 4:47 pm

Have to agree, I now work with the ex CIO of a large state agency and he really only knows enough about IT to be dangerous. He was an administrator who had alot of very knowledgable people working for him.

Reply

Leave a Comment

Previous post:

Next post: