Disturbing activity at the NSA
February 10, 2025, 4:05pm 1
According to a memo distributed by NSA leadership to its staff, as of today, February 10, all NSA web sites and internal web pages must be deleted if they contain any of a list of “banned words” according to a recent Executive Order.
Among these “banned words” are: Privilege, Cognitive Bias, and Diversity.
How are we expecting the NSA to talk about the security threat called “privilege escalation” without using the word “privilege”? What about the security policy known as “software diversity” and “vendor diversity”? And the fact that cognitive bias is a known pitfall in security decision making (and with executive decision making in general)?
I worry that ham-fisted orders like this are going to have a negative effect on cyber security as people have to now spend time figuring out alternative ways to word things rather than using industry standard terminology.
Was going to put this in the security topic, but I guess it’s more just me venting that ideologues are getting in the way of security professionals trying to do their jobs by trying to control languages in ways that are generating negative side effects.
Thanks for listening to my rant.
I suppose we need to come up with new “technobabble” words for those things? Anybody have any fun suggestions?
While I’m here, I just want to warn folks before you comment, please keep the Community Guidelines in mind, and keep things professional so we don’t have to move this to the soapbox, please.
PatrickFarrell (PatrickFarrell) February 10, 2025, 4:10pm 3
We really can’t discuss all of the disturbing things going on without delving into politics unfortunately.
I would question why I need to pass any audits, have any security standards etc, when those mean nothing at the government level anymore.
That’s as far as I’ll go.
Son.of.Jor-El (Son of Jor-El) February 10, 2025, 6:34pm 4
Can’t get into politics here, but I think you might be missing the context of some of those words mentioned. I don’t think they would bat an eye if someone used privileged escalation when talking about security.
Like Patrick said…that’s as far as I’ll go.
merlinyoda (MerlinYoda) February 10, 2025, 8:02pm 5
One would hope that the order would lay out the context in which said “banned words” were used at least … like if used in a context that did not help to further the core mission of the NSA. In fact, if they could just get rid of every bit of guiding documentation that led them to think it was OK to collect information on US citizens without a warrant in the first place, that would be extremely helpful actually.
joebridgeman (JoeBridgeman) February 10, 2025, 8:24pm 6
The fear is somebody who doesn’t know security is just going to go “Ctrl + F” search “privilege” and put all the results onto the chopping block. Someone who did know security might have worded a memo about the topic more precisely.
notmauricemoss (NotMauriceMoss) February 10, 2025, 8:51pm 7
I’m excited to see how this is going to reduce the cost of eggs!
Jburdick1213 (Jburdick1213) February 10, 2025, 8:51pm 8
That is true; however, it can be difficult to determine how the memo in question was worded or if any nuance is included without seeing the memo ourselves.
Avoiding getting political here but it’s hard to take a lot of what’s reported at face value without actually seeing the document given how emotionally charged both sides can get.
tom6018 (Tom6018)
February 10, 2025, 8:52pm 9
edt (EdT) February 10, 2025, 10:26pm 10
Yes, obviously that’s what ideally will happen. The problem, according to reporting, is that they’re being pushed to “clean up” their networks by a deadline, and they don’t have the personnel to do this manually. According to an anonymous source, there will be a “Big Delete” of any external and internal pages that contain any of the “banned words”, but:
The NSA’s internal network has existed since the 1990s, and a manual review of the content is impractical. Instead, the NSA is working with “Data Science Development Program interns” to “understand the false-positive use cases” and “help generate query options that can better minimize false-positives.” Nevertheless, the NSA is anticipating “unintended downtime” of “mission-related” websites.
OscarOneEye (OscarOneEye) February 10, 2025, 11:12pm 11
Here, instead of “vendor diversity” we use “heterogeneous environment”. I am hoping (he/him) doesn’t go after the word homogeneous.
But, I’ve seen the move away from terms like “master” and “slave” to “primary” and “secondary”, so moving away from specific terms can be done… hopefully for the right reasons.
jeffjones11 (jeffjones11) February 11, 2025, 5:02am 12
I seem to recall that Winston Smith of the Ministry of Truth got himself called into the boss’s office for using the wrong official newspeak vocabulary guide (v9 vs v10 I think) sometime around 1984…
I never used to think of Orwell as prophetic.
danielb1978 (DanielB1978) February 11, 2025, 11:39am 13
I don’t feel I can adequately reply to this post without being political.
Evangelicals on steroids. Will leave it at that.
Greek-Greg (Greek-Greg) February 11, 2025, 1:58pm 14
The sad part here is it’s just going to have to get even worse before people pull their heads out of their bottoms and realize what they voted for. Sadly all the rest of us can do is hold on and pray.
ode2joy (Ode2joy) February 11, 2025, 1:59pm 15
I remember when they did a similar thing for “black list” and “white list” and everything became “allow list” or “block list” instead. I would think it was a challenge to properly substitute all cases of “black” or “white”, but only in this very specific instance. However, I don’t recall any massive catastrophes as a result of these efforts. Hopefully, this will be the same where they will actually examine the false positives or have a method for quickly restoring anything shut down improperly.
c-t (C-T)
February 11, 2025, 2:02pm 16
Phil7965 (Phil7965) February 11, 2025, 2:04pm 17
My two cents:
It’s getting to the point where it’s interfering with our work. Now it’s becoming a real problem.
chrisdavis8 (chrisdavis8) February 11, 2025, 3:39pm 18
Yeah, the issue of seeing the context of words or the use of them is the key point that a lot of people - in IT and out of IT - will quickly lose sight of. As a few said, when it impedes on our ability to do our job then it becomes an issue more so than an inconvenience.
All I’ll say about the matter as well. Ask me again in 4 years.
kwelch007 (kwelch007) February 11, 2025, 3:53pm 19
PatrickFarrell (PatrickFarrell) February 11, 2025, 4:06pm 20
NSA aside, I’m going to say that when you have untrusted people doing untrustworthy things and ignoring all controls you can no longer trust any of those systems and all of them will have to be treated as compromised and rebuilt.
If people you didn’t know walked into your datacenter and plugged things into your servers without any oversight, you would never trust those servers again.