The Weekend Brief

Last Updated on Saturday, 2 August 2008 08:45 Written by admin Saturday, 2 August 2008 08:43

Two interesting articles and a video for your weekend reading/viewing. Enjoy!

Defense in a Wiki World: Military and Intelligence agencies look to harnass the data sharing power of new technologies while keeping the risks at bay.

This article provides pretty good coverage of the security issues surrounding the adoption of certain Web 2.0 applications, and a few solutions that are being considered.

Welcome to Web 3.0: Now your other computer is a data center.

The CEO of salesforce.com,Marc Benioff, provides the best definitions of Web 1.0 (“anyone can transact”), Web 2.0 (“anyone can participate”), and Web 3.0 (“anyone can innovate”) that I’ve seen to date. Benioff presents a compelling case that Web 3.0 is not about the so-called Semantic Web but about moving software from the desktop to the webtop. An interesting debate follows in the comments to his post. Personally I think his approach has merit. Semantic advances in Search including natural language programming, stylometrics, subjectivity analysis,  and entity extraction continue and improve upon the Web 2.0 world of user-generated content, community, and collaboration. The advent of Cloud Computing, however, is innovation in an entirely different way. Here’s Benioff’s description:

“For developers, Web 3.0 means that all they need to create their dream app is an idea, a browser, some Red Bull, and a few Hot Pockets. Because every developer around the world can access the same powerful cloud infrastructures, Web 3.0 is a force for global economic empowerment.”

Hidden in Plain Sight: The Secret History of Silicon Valley, or how Stanford, the CIA, and the NSA built the Silicon Valley that we know today. Check out the lecture by Steve Blank below.

The Friday Brief

Last Updated on Friday, 4 July 2008 10:34 Written by admin Friday, 4 July 2008 10:10

Happy 4th of July everybody. Here’s some weekend reading for you:

If you’re a Twitter user like me, check out the new microblogging service identi.ca. It could become a Twitter-killer. Here’s my identi.ca profile.

The Pentagon versus the EPA (be happy that you’re not working at Ft. Meade).

America’s most conservative Senator, Jesse Helms, passes away on Independence Day.

NSA to share software exploits with private industry

Last Updated on Tuesday, 6 May 2008 04:19 Written by admin Tuesday, 6 May 2008 10:20

According to an article in last Friday’s Washington Post, the White House will soon be releasing details on its new policy which directs the Intelligence Community to share cyber threat intelligence with private industry. The policy is currently classified, however an UNCLASS version is expected to cover a majority of the goals of the program.

The catch-22 for the NSA, which is included among the tasked IC agencies, is that it may have to give up some of the very exploits that it’s currently using to access its foreign intelligence sources.

Allan Paller of the SANS Institute explains:

“This is the oldest conflict in security, because if we give away our best exploits, we lose the ability to use them offensively,” Paller said. “That’s a conflict the guys at NSA deal with every day. When you find good ones, how long do you wait before you tell the vendors and people defending our own networks?”

This precise conundrum sprang up in December 2007, when U.S. intelligence analysts exchanged with their counterparts in Australia, Canada, New Zealand and the United Kingdom new exploits that had been observed being used against their government networks.

“We lost a key exploit for a critical hard target, so there was a gain and there was a loss,” the administration official said. “Many of us agree that we’re going to have to accept a lot more intelligence losses in order to increase the defensive posture of the nation.”

The NSA and other intelligence agencies have an important ¿ if not vital ¿ role to play in sifting through government network traffic for signs of attacks and compromises, said Jim Dempsey, policy director at the Center for Democracy & Technology. But he said the Bush administration has a penchant for slapping a classified label on even the most benign information, and as a consequence the intelligence community’s involvement could result in less ¿ not more ¿ information being shared with the private sector.

“To my mind, one of the key tests of whether this program will be successful or not is how much [information] falls on the classified side of the line, and how much falls on the unclassified side,” Dempsey said. “The more information that gets classified, the less likely the initiative will succeed.”

On a related note, DARPA just released a Broad Agency Announcement for the creation of a National Cyber Range. Noah posts a great review on it at Danger Room.