SecurityCertified

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Tuesday, October 4, 2011

Inside a Congressional Hearing on Digital Threats

Posted on 5:51 PM by Unknown
Today I was fortunate to attend a hearing of the US House Permanent Select Committee on Intelligence (HPSCI). That's me on the far left of the photo, seated behind our MANDIANT CEO Kevin Mandia. I'd like to share a few thoughts on the experience.

First, I was impressed by the attitudes of all those involved with HPSCI, from the staffers to the Representatives themselves. They were all courteous and wanted to hear the opinions of Kevin and the other two witnesses (Art Coviello from RSA and Michael Hayden from the Chertoff Group), whether before, during, or after the hearing.

Second, I thought Reps Mike Rogers (R-MI, HPSCI Chairman) and C.A. Dutch Ruppersberger (D-MD, HPSCI Ranking Member) offered compelling opening statements. Rep Rogers squarely pointed the finger at our overseas adversaries. As reported by PCWorld in U.S. Lawmakers Point to China as Cause of Cyberattacks, Rep Rogers said:

"I don't believe that there is a precedent in history for such a massive and sustained intelligence effort by a government to blatantly steal commercial data and intellectual property...

China's economic espionage has reached an intolerable level and I believe that the United States and our allies in Europe and Asia have an obligation to confront Beijing and demand that they put a stop to this piracy."

You can watch all of Rep Rogers' statement on YouTube as Rep. Mike Rogers criticizes Chinese economic cyber-espionage (currently 21 views -- let's increase that!)

General Hayden reinforced Rep Rogers' sentiment with this quote:

"As a professional intelligence officer, I step back in awe of the breadth, the depth, the sophistication, the persistence of the Chinese espionage effort against the United States of America."

Third, I was very pleased that this hearing was conducted in an open forum, and not behind closed doors. While I haven't found the whole hearing online or on TV yet (aside from Rep Rogers' statement and that of Rep Myrick (R-NC)), I encourage as much discussion as possible about this issue.

One of General Hayden's points was that we are not having a debate about how to address digital threats because no one agrees what the facts are. If you work counter-intrusion operations every day, or participate in the intelligence community, you know what's happening. Outside that world, you likely think "APT" and the like are false concepts. We can really only build a national approach to countering the threat if enough people know what is happening.

As more information becomes available I will likely publish it via my @taosecurity Twitter account.
Tweet
Email ThisBlogThis!Share to XShare to Facebook
Posted in china, threats | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • DojoCon Videos Online
    Props to Marcus Carey for live streaming talks from DojoCon . I appeared in my keynote , plus panels on incident response and cloud secur...
  • Practice of Network Security Monitoring Table of Contents
    Since many of you have asked, I wanted to provide an updated Table of Contents for my upcoming book, The Practice of Network Security Monito...
  • Mandiant APT1 Report: 25 Best Commentaries of the Last 12 Days
    Two weeks ago today our team at Mandiant was feverishly preparing the release of our APT1 report . In the twelve days that followed public...
  • Feedback from Network Security Monitoring 101 Classes
    At Black Hat in Las Vegas I taught two Network Security Monitoring 101 (NSM101) classes. This is a new class that I developed this year, a...
  • A Book for the Korean Cyber Armies
    I've got a book for the Korean cyber armies, North and South. That's right, it's my first book , The Tao of Network Security Mo...
  • What is Cloud?
    The slide at left was one of my favorites from Craig Balding's Cloud Security Ghost Story talk from Black Hat EU earlier this year. I ...
  • SQL Injection Challenge and Time-Based Security
    Thanks to this Tweet by @ryancbarnett, I learned of the lessons learned of the Level II component of the ModSecurity SQL Injection Challen...
  • Bejtlich Speaking at TechTarget Emerging Threats Events in Seattle and New York
    I will be speaking at two events organized by TechTarget , for whom I used to write my Snort Report and Traffic Talk articles. The one-da...
  • BeyondTrust Report on Removing Administrator: Correct?
    Last week BeyondTrust published a report titled BeyondTrust 2009 Microsoft Vulnerability Analysis . The report offers several interesting ...
  • President Obama Is Right On US-China Hacking
    I strongly recommend watching the excerpt on the Charlie Rose show titled Obama: Blunt Conversation With China on Hacking . I reproduced the...

Categories

  • afcert
  • Air Force
  • analysis
  • announcement
  • apt
  • attribution
  • bestbook
  • blackhat
  • books
  • breakers
  • bro
  • bruins
  • certification
  • china
  • cisco
  • cissp
  • cloud
  • clowns
  • commodore
  • conferences
  • controls
  • correlation
  • counterintelligence
  • cybercommand
  • cyberwar
  • dfm
  • education
  • engineering
  • feds
  • fisma
  • freebsd
  • GE
  • ge-cirt
  • hakin9
  • history
  • impressions
  • information warfare
  • ipv6
  • law
  • leadership
  • malware
  • mandiant
  • microsoft
  • mssp
  • nsm
  • offense
  • oisf
  • packetstash
  • philosophy
  • pirates
  • powerpoint
  • press
  • psirt
  • reading
  • redteam
  • reviews
  • russia
  • sans
  • sec
  • sguil
  • snorby
  • spying
  • threat model
  • threats
  • Traffic Talk
  • training
  • tufte
  • tv
  • ubuntu
  • usenix
  • verizon
  • vulnerabilities
  • wisdom
  • writing

Blog Archive

  • ►  2013 (16)
    • ►  September (1)
    • ►  August (1)
    • ►  June (2)
    • ►  April (2)
    • ►  March (1)
    • ►  February (3)
    • ►  January (6)
  • ►  2012 (60)
    • ►  December (4)
    • ►  November (5)
    • ►  October (3)
    • ►  September (10)
    • ►  August (2)
    • ►  July (6)
    • ►  June (6)
    • ►  May (4)
    • ►  April (2)
    • ►  March (9)
    • ►  February (6)
    • ►  January (3)
  • ▼  2011 (108)
    • ►  December (3)
    • ►  November (7)
    • ▼  October (11)
      • MANDIANT Webinar Friday
      • Review of America the Vulnerable Posted
      • Republican Presidential Candidates on China
      • Bejtlich in "The expanding cyber industrial complex"
      • Computer Incident Response Team Organizational Sur...
      • Interview with One of My Three Wise Men
      • Russia v China -- Sound Familiar?
      • It's All About the Engines
      • House Cybersecurity Task Force Report Released
      • C-SPAN Posts Video of Tuesday Hearing
      • Inside a Congressional Hearing on Digital Threats
    • ►  September (9)
    • ►  August (18)
    • ►  July (10)
    • ►  June (5)
    • ►  May (4)
    • ►  April (13)
    • ►  March (17)
    • ►  February (2)
    • ►  January (9)
  • ►  2010 (193)
    • ►  December (14)
    • ►  November (11)
    • ►  October (6)
    • ►  September (16)
    • ►  August (15)
    • ►  July (26)
    • ►  June (15)
    • ►  May (15)
    • ►  April (15)
    • ►  March (16)
    • ►  February (19)
    • ►  January (25)
  • ►  2009 (123)
    • ►  December (10)
    • ►  November (17)
    • ►  October (21)
    • ►  September (13)
    • ►  August (20)
    • ►  July (21)
    • ►  June (21)
Powered by Blogger.

About Me

Unknown
View my complete profile