Texas Cyber command

[UltraBudgie]

the problem with this 'feds to the rescue' partnership to 'protect critical infrastructure' is that it ignores the history of the problem. the critical infrastructure was dragged, with actual reliability experts kicking and screaming, on to the public web infrastructure, with the reasoning of 'oh we'll just make the web secure then and it will be better for everyone no problem!'. same as electronic voting. well, problem is as it turns out the same authorities who have 'stepped up' to make that infrastructure secure are the same ones who have systematically undermined security standards, hardware reliability, cryptographic implementation, reliable data transport service, legislative practice, etc. it turns out they don't want a secure infrastructure, they want an infrastructure that is their bitch, and only their bitch, with holes and weaknesses just enough that they can spoof and exert control deniably where they want, and blame it on 'bad actors'. that means there always has to be some level of actual bad actors that are tolerated to exist, and a battlefield where they can playfight, secure in knowledge of their covert superiority.

keyboard nerds playing warrior.

try getting a moderately complex cpu without some low-level backdoor like intel's management engine. try finding verifiable hardware and software implementations for monte carlo prime generation for cryptography. do you trust elliptic curve? how about the x509 certificate authority hierarchy, do you really think 'someone' doesn't have complete revocation and spoofing capabilities? remember the vault 7 tools the cia had for spoofing malware origin, laying blame wherever they want? or their interception of the windows update servers providing signed custom package injection? think they lost that capability? or try using natural entropy to provide a otp-secure point-to-point data transport between novel secure endpoints. the law will shut you down quicker than you can say terrorist childporn. yet that's exactly the technology needed to implement actual secure critical infrastructure.

can't have that though.

so it's like trying to play a game of cards where the dealer decides what cards everyone gets, and won't let anyone else be the dealer. the agencies supporting this 'cyber command' centre quite deliberate infiltrate any organizations implementing possible solutions secure against their control. so you're left to 'trust them', which is actually reasonable to an extent, because it seems unlikely they're going to blow up their little game, which they would do if they let the practical security situation devolve into unusability, or allowed the implementation of actual zero-trust-required security solutions.

so yeah, they're there, and of course want you to know they're Very Smart People Who Are Utterly Necessary, but I wouldn't give their competence-cosplay one ounce of respect more than it deserves.

[UltraBudgie]

* oh my apologies the wu server subversion was nsa not tao, right? so many games to keep straight...

They are not worried about what anyone else is doing and at the end of the day it is a state or government officer standing in between you and enemies you don't even know you have so you can rest well because we got this.

my initial kneejerk reaction was to not feel very antifascistically comforted by that statement, but upon consideration and explication i'll just accept it for what it is, and say, sure, i get that. go team usa!

[imitator]

Good thing the headquarters is not Austin LOL... 
Some of the biggest attacks are caused by employees or contractors with access to internal systems.

[ReturnofBroccoli]

the problem with this 'feds to the rescue' partnership to 'protect critical infrastructure' is that it ignores the history of the problem. the critical infrastructure was dragged, with actual reliability experts kicking and screaming, on to the public web infrastructure, with the reasoning of 'oh we'll just make the web secure then and it will be better for everyone no problem!'. same as electronic voting. well, problem is as it turns out the same authorities who have 'stepped up' to make that infrastructure secure are the same ones who have systematically undermined security standards, hardware reliability, cryptographic implementation, reliable data transport service, legislative practice, etc. it turns out they don't want a secure infrastructure, they want an infrastructure that is their bitch, and only their bitch, with holes and weaknesses just enough that they can spoof and exert control deniably where they want, and blame it on 'bad actors'. that means there always has to be some level of actual bad actors that are tolerated to exist, and a battlefield where they can playfight, secure in knowledge of their covert superiority.

keyboard nerds playing warrior.

try getting a moderately complex cpu without some low-level backdoor like intel's management engine. try finding verifiable hardware and software implementations for monte carlo prime generation for cryptography. do you trust elliptic curve? how about the x509 certificate authority hierarchy, do you really think 'someone' doesn't have complete revocation and spoofing capabilities? remember the vault 7 tools the cia had for spoofing malware origin, laying blame wherever they want? or their interception of the windows update servers providing signed custom package injection? think they lost that capability? or try using natural entropy to provide a otp-secure point-to-point data transport between novel secure endpoints. the law will shut you down quicker than you can say terrorist childporn. yet that's exactly the technology needed to implement actual secure critical infrastructure.

can't have that though.

so it's like trying to play a game of cards where the dealer decides what cards everyone gets, and won't let anyone else be the dealer. the agencies supporting this 'cyber command' centre quite deliberate infiltrate any organizations implementing possible solutions secure against their control. so you're left to 'trust them', which is actually reasonable to an extent, because it seems unlikely they're going to blow up their little game, which they would do if they let the practical security situation devolve into unusability, or allowed the implementation of actual zero-trust-required security solutions.

so yeah, they're there, and of course want you to know they're Very Smart People Who Are Utterly Necessary, but I wouldn't give their competence-cosplay one ounce of respect more than it deserves.

Are you suggesting that some holes are intentional and meant as backdoors for the U.S. government while bug bounties are put in place in case someone finds them accidentally? Like open ssh a few years back or maybe even heart bleed?

The Texas Cyber Command has nothing to do with that and is the private sector experts bolstering state and local government systems, as well as federal systems within that state. That is all. A call to arms from Texas to the private sector for help in creating a more unified front. Not the opposite which is where I think our communication is having an issue. Your points are valid and I don't deny any of your statements but its not the place for it because where you see federal over reach isn't a thing here and is the opposite of what you originally thought it was. Are we really to say "How dare these private sector individuals come to the defense of the state of Texas or its partners in protection of America as a whole?"

[ReturnofBroccoli]

It will achieve this by launching a cyber threat intelligence center, training state workers on cyber security, coordinating swift responses to cyber attacks, and collaborating with partners to establish a gold standard for cybersecurity.

The command will be based in San Antonio and utilize the expertise of the University of Texas at San Antonio, according to a UTSA article.
Key aspects of the Texas Cyber Command's mission include:
 Cyber Threat Intelligence: Identifying and repairing vulnerabilities in state and local government systems. Training and Education: Training state workers on preventing cyber breaches.
 Swift Response: Coordinating with governments on effective responses to cyber attacks. 
 Collaboration: Working with local, state, and federal partners to establish a gold standard for cybersecurity. 
 Digital Forensics Lab and Incident Response Unit: Providing subject matter expertise, forensic analysis, and support to conduct post-attack investigations and recovery efforts. 
 Preparing for Cyberattacks: Pre-attack coordination and planning, and proactive collaboration with critical infrastructure partners. 
 Defending and Responding: Defending against and responding effectively to cyberattacks.

[SoTaxMe]

In response to last post, there will never be actual state control of cyber.  It will always be Federal Control.  Why?  Because any cyber threats not only affect our nation, but the entire world.

I understand the idea to keep the cyber control in state of Texas, but that is never going to happen.  I am not trying to disparage any posters.  But Cyber Command should be handled by our National cyber experts, which *hopefully* are more adept than these Black Hat hackers themselves.

That is why I always propose to good computer operators to get their Ethical Hacking certification (White Hat Hackers), and join the fight themselves on a national level to fight the Black Hats.  Be warned...a complete course and testing will run you about $6K on average.  Pricey, but you also get to join Penetration Testing teams.  Insurance companies often require that major mainframes for companies get PenTested to prove their legitimacy they claim to be IT attack resistant. 

Fun job if you can work with a small team with diverse talents.  Lockpicking is an asset.  You enter into a signed agreement with the company, absolving your team of getting caught (if you fail), and you are cleared of all wrong doing.  Check it out on internet search..PenTesting. 

Kali Linux is the premier toolbox for PenTesters.  Parrot Linux is also good, but Kali is the primary source for your toolbox, in my opinion.  And when I say toolbox, your in for a surprise at what you get.

Fight the good fight!