Draft content, “Foresee the scenario that a hostile takeover by adversarial nefarious authorities occurs. What is your prescribed response? Will you ash records? Will you enact an encryption auto-lock and if so how will you plausibly deny it exists? How will you protect your human participants?”
Sure, but bc also assumes multiple copies in different hands. Gonna be tough to get 51% of the bc copies elsewhere when it comes to govt data.
If not for that 51% elsewhere, they can just override, no?
Extra hard when dealing with sensible data like SNS linked to real names, for example.
It is not a problem if they override because it can be restored from paper documents (costly but possible). What is more important, they will need to add their own transactions in an explicit way and that transactions can be reanalized later (i.e., protection from direct DELETE/UPDATE to db)
On the contrary, I think it is an information security problem, it's just that no one in their wildest imagination envisioned this kind of attack scenario.
An admin with the encrypt system virus used as malware, but as a failsafe instead.
Example:
a group comes into your building and insists they have the right to commandeer the equipment. You disagree. Someone fires you. A button press, and the system is encrypted SOP until a judge intervenes.
That is a physical security problem. A strong gate or a couple of guns solve that one.
Also reconsider the idea that you only encrypt stuff until a judge says otherwise.
Judges are enemy agents now, in your scenario you just encrypt as a means to destroy all data.
Maybe more Federal employees need to start showing up to work with pepper spray and zip ties. If the DOGE Bros show up, spray 'em and zip 'em. The info systems remain secure.
"Preface: It should be said before starting that everything else in this textbook is moot if you physically let the hackers onto your premises and give them access to everything. Don't do that."
I have an M.S. in Cyber Security and I can assure you that any decent cyber security program includes at least a little on the physical security of a facility. Many physical security systems are controlled electronically. If you can hack the control system, you can likely enter the facility.
A security researcher colleague used to say that security people often forget that the biggest vulnerability is a person with a (metaphorical) club in hand who can force-reveal any secret, not some encryption algo hole.
Doesn’t the threat posed by Musk and his henchmen boil down to RL factors like physical security, or as I like to call it “don’t give the keys to idiots that have malicious intent”?
Comments
https://bsky.app/profile/techychik.bsky.social/post/3lhpkabqjf22q
If not for that 51% elsewhere, they can just override, no?
Extra hard when dealing with sensible data like SNS linked to real names, for example.
https://youtu.be/cV58O0USCaY?si=UPWXPHok5c7wlEJv
None of this is computer security, this is just "giving your shit to traitors you should really be shooting instead"
Example:
a group comes into your building and insists they have the right to commandeer the equipment. You disagree. Someone fires you. A button press, and the system is encrypted SOP until a judge intervenes.
Also reconsider the idea that you only encrypt stuff until a judge says otherwise.
Judges are enemy agents now, in your scenario you just encrypt as a means to destroy all data.
And you can't get much more of an insider threat than handing the threat the fricking keys.
E.g. Treasury's payment system only doing payment without knowing personal data about the recipients.
But I concluded that I don't nearly know enough about Treasury for this thought experiment 😔
It's enough different from the normal insider/disgruntled employee attacks to warrant explanation.