<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Wed, Oct 5, 2016 at 6:31 AM, Jim Windle <span dir="ltr"><<a href="mailto:jim.windle@gmail.com" target="_blank">jim.windle@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">This isn't directly related to crypto but separating offensive and defensive cyber capabilities and missions might have interesting implications.</div></blockquote><div><br></div><div>This is an election year... vote and send love notes to the candidates telling them what changes you would love to see.<br><br>This is an interesting question.<br>In peacetime the director of both will have a branched org chart to manage both.<br>Thus there are already two but they are pushed deeper into the org chard and further </div><div>from the commander in chief. The current director's office might be best placed to </div><div>advise the oval office and congress in peace time. <br><br>In conflict both must answer to the commander in chief and other offices.<br>In a conflict it makes sense to look at the view that the commander in chief has.<br>Some are seeing evidence that we are in a contest (conflict) now so </div><div>this issue seems to have a need to move up the chart and others down.<br><br>In the context of the never say anything roll, it seems the NSA leadership</div><div>cannot fully disclose their activities in a staff meeting of both organizations.</div><div><br></div><div>A real problem with "black organizatons" is oversight. The CEO of a billion</div><div>dollar company has no clear visibility to his organization. These organizations</div><div>are bigger and sworn to secrecy.. <br><br>Budgets.. The NSA is possibly a $10 billion dollar organization<br>while the U.S. Cyber Command is only a $6.5 billion dollar organization.</div><div>There is more $$: In FY 2016, the President's Budget proposes $14 billion in cybersecurity </div><div>funding for critical initiatives
and research.<br><a href="https://www.whitehouse.gov/sites/default/files/omb/budget/fy2016/assets/fact_sheets/cybersecurity.pdf">https://www.whitehouse.gov/sites/default/files/omb/budget/fy2016/assets/fact_sheets/cybersecurity.pdf</a><br><br>But money is often an ill chosen poor choice for management and org charts.</div><div>By way of example I once worked at a Unix company and the infrastructure</div><div>for Unix was managed by a dozen engineers part time. The company relented</div><div>and allowed WindowZ machines which spawned an IT department to service</div><div>Windows. The IT department employed almost 200 staff and contractors inside</div><div>of two years. Product engineering was less than 200.<br><br>That staff of 200 gave that manager a seat at the big table while the dozen mangers</div><div>of the dozen Unix infrastructure engineers had no such big table visibility.<br><br>I fear that the issue of Cyber security does not have knowledgeable talent </div><div>at the big tables of government.<br><br>I consider IOT devices to be the equivalent of the fields of Belgium and the Ardennes forest paths </div><div>that negated the investment of the Maginot Line. The current invasion into IOT class</div><div>home devices is a symptom of flawed management and comprehension of </div><div>risks.</div><div><br></div><div>So yes reorganize...<br><br></div><div>Closer to cryptography small devices operating in concert have sufficient collective power</div><div>to attack many current crypto systems on a schedule that is faster than quantum computers.<br>Since the IOT class devices are inside our homes and businesses they are already</div><div>positioned inside and behind any real or imagined national fire wall resource. A hacked router is physically</div><div>positioned to conduct MITM attacks and spoof or steal credentials. A hacked storage device</div><div>can leak anything as a trickle or flood. In some cases once hacked changing the pass word</div><div>has diminished value protecting the device. Most are difficult or impossible to audit or restore to</div><div>a correct state with tools and knowledge available to homeowners and most small companies.</div><div><br></div><div><br><br> <br> <br><br></div><div><br><br><br><br><br></div><div> <a href="http://www.metzdowd.com/mailman/listinfo/cryptography" rel="noreferrer" target="_blank"></a><br></div><div><br></div></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div>