Can NASA's Gryphon-X Project Save America? (thestack.com) 44
An anonymous reader writes: The Institute for Critical Infrastructure Technology, which advises both government and industry, has released an unusually fervent paper calling for NASA to push harder for funding for a massive cybersecurity project called Gryphon-X, which it claims has been lost in congressional confusion and administrative bureaucracy. Details are scarce as to how Gryphon-X could prevent cyber-incursions such as AnonSec's attempted drone sabotage in February, or even what new technologies might be on the table, but mentions that a significant new site would be built in Silicon Valley, and would include academic facilities. Extending Gryphon-X's scope far beyond NASA's security to a global role, the authors write that it would contain 'the fusion center, virtualization environment, and cyber-physical capabilities needed to analyze, prepare, and prevent threats like these from harming the nation, its organizations, or its people.'
Answer (Score:2)
Without knowing anything at all about the project, we can all confidently say the answer is "No".
Re: (Score:2)
If computer security is what you want, then a better option is just to use OpenBSD. Unlike most other software projects, including nearly all Linux distros, the OpenBSD developers put security first. Putting security first has the side effect of making quality and robustness high priorities, too, since they all go hand-in-hand. You can't get one without the others. The OpenBSD devs do strenuous reviews of not only their own code, but that of code developed by other projects. They will even fork other projects when those projects don't live up to the OpenBSD standard of security and quality. LibreSSL [libressl.org] is an example of this. So if computer security is what you're after, use OpenBSD. It's the only sensible choice.
I'm all for the BSDs, as they do have superior code quality compared to Linux + GNU (having written for both, although it's just my subjective opinion). That said, OpenBSD is the one I'm the least a fan of - it has some very useful extra features, and the devs really do put forth the work. However, only on the base, and I can't stress that enough. OpenBSD's base is suprisingly well developed, and you can run a small router or printer manager or something with it, sure. However, as soon as you want more (su
Re: (Score:1)
WTF? Re:NASA or NSA? (Score:2)
I can't figure out what's going on here. The link goes to https://science.slashdot.org/s... [slashdot.org]
Why does the link on a slashdot story go to slashdot stories? Isn't there an original somewhere to link to?
Re: (Score:2)
I can't figure out what's going on here. The link goes to https://science.slashdot.org/s... [slashdot.org]
Why does the link on a slashdot story go to slashdot stories? Isn't there an original somewhere to link to?
The actual link to the thestack.com is right next to the title. I've seen a few articles linked like this lately.
Re: (Score:2)
Here's the report itself: http://icitech.org/wp-content/... [icitech.org]
Not worth the read IMHO, only three generic references, none of which explain anything about Gryphon-X. While I agree that trying to use the same old defenses against an adapting adversary means you will get breached eventually, most organizations are not even properly managing the traditional security controls, much less developing next generation controls. I am skeptical of how well this could be applied widely to protect data, even assuming it is
Sounds a lot like Elon Musk technology (Score:2)
Bingo ... (Score:3)
Buzzword bingo, bitches!!
This just needs a missions statement generator and a set of power point slides, and it'll be ready for vast sums of money to pay for travel junkets and hookers for years.
I think I see a typo in the headline (Score:3)
Shouldn't it be: "Can NASA's Gryphon-X Projec Have Anything To Do With What NASA is Supposed To Be Doing?"
Re: (Score:2)
That ended decades ago.
I'd say DARPA, if there had to be one such place. As for NASA, if it's not aeronautics or space related, it's not what they're supposed to be doing.
Re: (Score:2)
If Gryphon-X is based on research they did after getting hacked on how to secure their systems and networks... isn't part of their mission to advance technology.
Not that they should be overseeing a project to secure the US's networks but if research they did will help then sure.
Details are scarce indeed (Score:2)
Details are especially scarce when the first link just points back to this article. Who the hell is The Institute for Critical Infrastructure Technology? A cursory Google search reveals that they're a (pending) nonprofit with an interest in pushing for greater cybersecurity policies at the federal level. Great. I've never heard of them, so why do I care what they say about Gryphon-X? And what, exactly, is Gryphon-X proposed to do? Without details I'd be inclined to just assume it's some sort of vague
Re: (Score:2)
Yeah, no shit ... there is no TFA ... there's just "some guys want to do some stuff but due to our own ineptitude we failed to provide any relevant links to anything, so talk among yourselves."
Perhaps they meant to link to this? (Score:1)
https://thestack.com/security/2016/03/23/can-nasas-gryphon-x-project-save-america/
I had such high hopes for the new management (Score:2)
Well, when the new boss took over, I really thought things would change. He fired the two older idiots that posted crap day in and day out first day on the job. But now, we still get this? "Save America"? For real? Sigh...I had such hopes.
Meet the new boss, same as the old boss.
water, food, roads, bridges, healthy workforce? (Score:2)
A response (Score:2)
This sounds like a big moneypit for Ames. Furthermore, Ames has not been able to retain their government staff, since they are quickly poached to nearby Silicon Valley.
Most of NASA's critical infrastructure is located on JSC, GSFC, KSC, MSFC and JPL. We'd be much better off utilizing those locations, rather than ARC. Although ARC has proximity to startups, GSFC has proximity to the world's largest concentration of human security talent, along with DISA and NSA being next door. JPL has some great SCADA s
I'd prefer not... (Score:2)
I'm not sure how expertise in blowing things up slowly translates into expertise in securing computer systems.
Slashdot, home of the no sayers (Score:2)
Gotta love Slashdot now days, it doesn't matter what the story they can always come up with a way to be negative.
Re: (Score:2)
OK, I'll be positive... I'm positive that this is a dumb idea. Besides, how can you help but be negative when all the ideas are stupid?
Re: (Score:1)
OK, I'll be positive and propose a practical solution. Don't run your critical infrastructure or security apparatus on Intel hardware running Microsoft Windows and connected to the Internet. The current security infestation is largely self inflicted, mainly due to bad design decisions made decades ago.
Space? (Score:1)
NASA has lost its way. It no longer has the capability to fly Americans into space, yet it still draws a similar budget to when it was flying Space Shuttles.
Bureaucracies that eat taxpayer dollars without producing anything useful are the real problem America (and the World) faces.
Stop giving bureaucracies more and more and more taxpayer money to do less useful things !
How to prevent cyber-incursions? (Score:1)
Ask Betteridge (Score:1)