[Cryptography] Blogpost: CITAS, a new FBI security program proposal

Tom Mitchell mitch at niftyegg.com
Mon Nov 24 22:11:14 EST 2014

On Mon, Nov 24, 2014 at 5:24 PM, Ray Dillinger <bear at sonic.net> wrote:

> Note to list participants: check the CC line of the original message
> before responding.
> ....
> > Brief: The FBI is proposing a security service to assist American
> > companies in achieving network security. It is called CITAS, for
> > "Computer Intrusion Threat Assessment System."
> ......
> > Less briefly:
> > http://dillingers.com/blog/2014/11/24/citas-threat-assessment-system/
> > This arrangement strikes me as likely to be highly effective in terms of
> > security, because the FBI could leverage manpower and monitoring effort
> > across a huge pool of honeypots truly indistinguishable to attackers
> > from genuine targets.

As you stated, a program like this is both good and bad.
The international criminals are doing troubling things
so I am inclined to say that this is a good thing.
In the new IPv6 world I see this as a great idea for a while.

But there is always the halting problem -- how to make these
boxes go away.   They consume: space, bandwidth, power, cooling.
They demand access for installation, upgrade, etc...  Unfunded
and unpaid for, it is a hidden tax.

Another problem is how to let the device discover enough about
the world around it to be effective.   That process could result
in many quietly owned machines.  If the honeypot signature
was discovered by the bad guys that quietly already own many
machines for some future purpose, "badder" things might happen.

I am a fan of honeypot technology but I believe it is too easy
to corrupt and also too easy for the internet to become immune
to a monoculture of honeypots.  It is a known fact that software
test systems fail to adapt and catch less and less interesting problems
as the developer community gets immune to the known issues.

For example, fail2ban, denyhosts and friends know how to share bogus
I would be willing to share my disallowed contacts with {denyhosts,hpot}
and get a filtered list of bad actors in return.

A better program is to go back to operating system design and
build a better foundation (including hardware).    One pressure is
the industry that provides virus protection.   If M$ eliminates the need,
litigation might follow.
The baby steps we are seeing make it difficult to squash the root
of the problem.....

In the world of mandated health care I can see a requirement that
antivirus software be provided free to all ISP customers (like flu shots).
My ISP is Comcast-Xfinity and they do provide a no additional charge
I am sure it saves them a lot of spam consuming bandwidth.

One step might be a public POSIX standard for WindowZ.....   That would
alternate systems to be developed and run the same software products safer.
Yes I am naive... err dreaming.

  T o m    M i t c h e l l