Russian Code Found In US Utility Computer

  • #1
zoobyshoe
A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials.

While the Russians did not actively use the code to disrupt operations, according to officials who spoke on the condition of anonymity to discuss a security matter, the discovery underscores the vulnerabilities of the nation’s electrical grid. And it raises fears in the U.S. government that Russian government hackers are actively trying to penetrate the grid to carry out potential attacks.

Officials in government and the utility industry regularly monitor the grid because it is highly computerized and any disruptions can have disastrous implications for the country’s medical and emergency services...

https://www.washingtonpost.com/worl...c2a61b0436f_story.html?utm_term=.3d3f0ce2546f

"Vermonters and all Americans should be both alarmed and outraged that one of the world's leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety," Gov. Shumlin said. "This episode should highlight the urgent need for our federal government to vigorously pursue and put an end to this sort of Russian meddling. I call upon the federal government to conduct a full and complete investigation of this incident and undertake remedies to ensure that this never happens again."

The code was not actively used to disrupt the utility's operations, officials told the Washington Post. Those sources note that the hackers' intentions are unclear, adding that it could have been a test to see if a portion of the grid could be penetrated...
Source: Signs of Russian Hack Found in Vermont Utility System | NBC Chicago http://www.nbcchicago.com/news/nati...fficials-Believe-408886385.html#ixzz4URceJ855
 
  • #2
I wonder what makes a code Russian? Hacking in plain text? Only the alphabet which also Bulgarians use? My coding has always been mostly English. Did it make it American? Sometimes I coded French ...
 
  • #4
nsaspook said:
The spread of fake news, especially those stories picked up by 'legit' news sources and published, is frightening. Such stories could lead to tension between countries if it is claimed 'x' said and is going to 'y' to 'z', and then we have 'z''s response. I do know some politician from Israel, I believe it was, saw a story and tweeted about it as if it was true. Turned out to be fake. I'll have to try and track that down.
 
  • #5
nsaspook said:
If it is actually a non-event, the Washington Post is not to blame. Their story was based on the utility's report:

https://www.burlingtonelectric.com/news/3908/Burlington-Electric-Department-Statement-in-Response-to-Reports-of-Russian-Hacking-of-Vermont-Electric-Grid

Friday, December 30, 2016
Last night, U.S. utilities were alerted by the Department of Homeland Security (DHS) of a malware code used in Grizzly Steppe, the name DHS has applied to a Russian campaign linked to recent hacks. We acted quickly to scan all computers in our system for the malware signature. We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems. We took immediate action to isolate the laptop and alerted federal officials of this finding. Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems. We have briefed state officials and will support the investigation fully.

Whose scan of their equipment was instigated by this:

This Joint Analysis Report (JAR) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities. The U.S. Government is referring to this malicious cyber activity by RIS as GRIZZLY STEPPE.
https://www.us-cert.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY STEPPE-2016-1229.pdf
 
  • #6
zoobyshoe said:
If it is actually a non-event, the Washington Post is not to blame. Their story was based on the utility's report:

https://www.burlingtonelectric.com/news/3908/Burlington-Electric-Department-Statement-in-Response-to-Reports-of-Russian-Hacking-of-Vermont-Electric-Grid

I don't consider the Washington Post a link site that just copies information. I would hope their journalistic standards would require them to check primary sources before making fantastic claims of Russia hacking the Vermont Electric Grid. The Vermont Burlington Electric Department Statement seems to have been issued after the first WaPo story, not before. So a 'government' official was their original source, it seems.
 
  • #7
nsaspook said:
The Vermont Burlington Electric Department Statement seems to have been issued after the first WaPo story, not before. So a 'government' official was their original source, it seems.
Where are you getting this timeline?
 
  • #8
zoobyshoe said:
Where are you getting this timeline?

https://theintercept.com/2016/12/31...-false-story-about-hacking-u-s-electric-grid/
There was no “penetration of the U.S. electricity grid.” The truth was undramatic and banal. Burlington Electric, after receiving a Homeland Security notice sent to all U.S. utility companies about the malware code found in the DNC system, searched all its computers and found the code in a single laptop that was not connected to the electric grid.

Apparently, the Post did not even bother to contact the company before running its wildly sensationalistic claims, so Burlington Electric had to issue its own statement to the Burlington Free Press, which debunked the Post’s central claim (emphasis in original): “We detected the malware in a single Burlington Electric Department laptop NOT connected to our organization’s grid systems.”

This implies a WaPo story -> Burlington Electric statement sequence but there are no time-stamps to prove it.
 
  • #9
nsaspook said:
https://theintercept.com/2016/12/31...-false-story-about-hacking-u-s-electric-grid/
This implies a WaPo story -> Burlington Electric statement sequence but there are no time-stamps to prove it.
Two separate things here: The official utility statement:

https://www.burlingtonelectric.com/news/3908/Burlington-Electric-Department-Statement-in-Response-to-Reports-of-Russian-Hacking-of-Vermont-Electric-Grid

which preceded and precipitated the WashPost story, and the same utility's later statement to the Burlington Free Press, which came after the WashPost story.
 
  • #10
zoobyshoe said:
Two separate things here: The official utility statement:

https://www.burlingtonelectric.com/news/3908/Burlington-Electric-Department-Statement-in-Response-to-Reports-of-Russian-Hacking-of-Vermont-Electric-Grid

which preceded and precipitated the WashPost story, and the same utility's later statement to the Burlington Free Press, which came after the WashPost story.

If that timing is correct then where did the Washington Post headline of hacking the grid come from? None of the Burlington stories say this hacked computer was anywhere near the power grid control systems.
http://www.cnn.com/2016/12/30/us/grizzly-steppe-malware-burlington-electric/index.html

"The Washington Post first reported the existence of the malicious software."
 
  • #11
nsaspook said:
If that timing is correct then where did the Washington Post headline of hacking the grid come from? None of the Burlington stories say this hacked computer was anywhere near the power grid control systems.
You are correct. The 'hyperbolic headline' was an obviously sensationalized take on the news.

The story does, however, report the less sensational facts:

Burlington Electric said in a statement that the company detected a malware code used in the Grizzly Steppe operation in a laptop that was not connected to the organization’s grid systems. The firm said it took immediate action to isolate the laptop and alert federal authorities.

Which is what always happens: sensational headline pulls you into reading what ends up being a much less sensational story. Which is why my thread title was toned down from the WP headline.

Regardless, I don't see any mainstream media outlets suggesting the malware might have gotten on that laptop "innocently." Your links are the first sources I encountered that suggest it needn't have gotten there directly from a Russian hacker. So, good catch. I'm still not going to blame the WP, though, since the source of any undue alarm would seem to be the FBI/Homeland Security hypervigilance about what constitutes dangerous code in this situation.
 
  • #12
zoobyshoe said:
You are correct. The 'hyperbolic headline' was an obviously sensationalized take on the news.

I would use the same words they did about the original story that was later changed to fit reality more closely: incorrect, as in "false" and "not true".
 
  • #13
In the Washpost story, the facts do not come out until paragraph three. They were preceded by a very scary headline and paragraphs 1 and 2.
My reading of the facts said:
The laptop was not connected to operations.
How it got infected is unknown.
The infection contained at least a snippet of code attributed to Russian origin.

I'm willing to believe that the malware found was of Russian origin. But hackers share malware freely and excerpt and morph it to fit their needs. The Stuxnet virus, supposedly of US Government origin, is like that. Finding a snippet of Stuxnet code on an infected computer today is very weak evidence that the US Government put it there.

Here is the point IMO. Bad guys can very simply and cheaply use hacking to spread fear in our country, to erode trust in our institutions, and to cause us to spend our money foolishly. Measured in terms of money, it is asymmetric to the extreme. Security vendors salivate over prospective sales of $100-$150 billion in smart grid or cyber security hardware and software. It might have cost the bad guys less than $10 to get the malware on the Vermont computer. That suggests a leverage of ##10^{10}##. Readers may wish to argue for a lower number, perhaps ##10^3##. But we should all agree that the gain is very much bigger than 1, thus asymmetric in favor of the attacker.

Next, I think back to the so-called Strategic Defense Initiative of the Reagan years (known as Star Wars). It has been said that Star Wars was the straw that broke the back of the Soviet Union. Perhaps Star Wars was genuine, or perhaps it was an insanely successful ruse. No matter. That little packet of information, true or false, achieved what 30,000 nuclear warheads over the span of 40 years did not accomplish. It was asymmetric to the extreme.

It seems entirely plausible that the Russians, North Koreans, Iranians, or other enemies can have a field day practicing asymmetric cyberwar with the USA. The beauty of the scheme is that they do not need to ever succeed in causing a blackout or anything else with physical reality. All they need to do is to destabilize our society with anxiety. If we accept that the Russians did meddle with the US election, then destabilization rather than election of Trump seems to be a much more believable motive. Hundreds of millions of Trump opponents, still stinging with disappointment, are willing to jump on that destabilizing wagon at this moment in time. The media are also willing participants because scare sells almost as well as sex sells.

It may be true that the USA is more skilled than any other country in offensive cyberwar capability. But it is also true that we are more vulnerable because (a) we are so computer dependent, and (b) our free speech traditions allow the media megaphone to amplify fears and concerns. The USSR in the 1980s was vulnerable in different socioeconomic ways. Star Wars was merely the trigger, not the total cause of Soviet Union collapse.

What can we do? We can't repeal the 1st amendment. But we can and should solicit the cooperation of the media. Using today's Washington Post article as an example, all that would be needed would be to make the raw facts appear first. Make facts the first paragraph; keep the headline factual. The authors would still be free to embellish, speculate, explain and extrapolate about scary possibilities, but the editors could simply move those to paragraph 20 of the story. It is ironic to note that other countries with weaker free press traditions (including much of Western Europe) would find it easier to do than we would.

It is my opinion that if we could accomplish that simple change in how we emphasize and highlight news stories, that the USA would become less vulnerable.

There are other non-cybersecurity things that we can do to make ourselves less vulnerable, but I'll leave those for another day.
 
  • #14
nsaspook said:
I would use the same words they did about the original story that was later changed to fit reality more closely: incorrect, as in "false" and "not true".
No doubt you would. But you are crying "fake news," laying it at the Washington Post's doorstep, and missing the alarm that was merely reported by the WP and not caused by the WP. For example, this alarm, caused, apparently, by a briefing by the Vermont State Police:

Sen. Patrick J. Leahy (D-Vt.) said he was briefed on the attempts to penetrate the electric grid by Vermont State Police on Friday evening. “This is beyond hackers having electronic joy rides — this is now about trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter,” Leahy said in a statement. “That is a direct threat to Vermont and we do not take it lightly.”
 
  • #15
anorlunda said:
But we can and should solicit the cooperation of the media. Using today's Washington Post article as an example, all that would be needed would be to make the raw facts appear first. Make facts the first paragraph; keep the headline factual. The authors would still be free to embellish, speculate, explain and extrapolate about scary possibilities, but the editors could simply move those to paragraph 20 of the story. It is ironic to note that other countries with weaker free press traditions (including much of Western Europe) would find it easier to do than we would.

It is my opinion that if we could accomplish that simple change in how we emphasize and highlight news stories, that the USA would become less vulnerable.
Good idea, but it is one of those von Neumann ideas that requires all players to be rational.
 
  • #16
zoobyshoe said:
No doubt you would. But you are crying "fake news," laying it at the Washington Post's doorstep, and missing the alarm that was merely reported by the WP and not caused by the WP. For example, this alarm, caused, apparently, by a briefing by the Vermont State Police:

Yes, I'm laying it at the Washington Post's doorstep; they published the story first with that misleading headline.
 
  • #17
nsaspook said:
Yes, I'm laying it at the Washington Post's doorstep; they published the story first with that misleading headline.
'FAKE NEWS' CRIES FOLLOW DISCOVERY OF RUSSIAN MALWARE AT VERMONT UTILITY

Journalist Glenn Greenwald at the Intercept picked apart the Post piece, raising fair and important criticisms about the larger story; while the malware is known to be a Russian hacking tool, there's been no evidence released in the Vermont incident to suggest that Russian hackers were the ones who actually installed the malware on the laptop in question. However, that point is subsumed by Greenwald's recently acquired reputation as a Russian hacking skeptic, with the Intercept publishing numerous articles that doubt the U.S. intelligence agencies' findings (as well as private security firms') that Russia deliberately interfered with our election by hacking and releasing documents designed to be embarrassing to Hillary Clinton and the Democratic Party.

http://www.newsweek.com/fake-news-cries-discovery-russian-malware-vermont-utility-537567

In other words, the "fake news" cry is, itself, suspect, coming primarily from a well known "hacking denier."
 
  • #18
zoobyshoe said:
'FAKE NEWS' CRIES FOLLOW DISCOVERY OF RUSSIAN MALWARE AT VERMONT UTILITY
http://www.newsweek.com/fake-news-cries-discovery-russian-malware-vermont-utility-537567

In other words, the "fake news" cry is, itself, suspect, coming primarily from a well known "hacking denier."

"hacking denier."
That's just a ridiculous comment if you've actually read what Glenn Greenwald wrote in that article. I know the Russians are hacking our networks just like we are hacking theirs. Do you actually think that US or Russian state-operated intelligence services would be caught dead using code with such an obvious known signature and IP paths to known hacking sites in a possible cyber-attack on critical infrastructure? This WaPo story seems so naively pathetic in its understanding of the basic facts of this story (or of computer security in general) that it hurts their normally good reporting on other subjects.
Since it is so often distorted, permit me once again to underscore my own view on the broader Russia issue: Of course it is possible that Russia is responsible for these hacks, as this is perfectly consistent with (and far more mild than) what both Russia and the U.S. have done repeatedly for decades.

But given the stakes involved, along with the incentives for error and/or deceit, no rational person should be willing to embrace these accusations as Truth unless and until convincing evidence has been publicly presented for review, which most certainly has not yet happened. As the above articles demonstrate, this week’s proffered “evidence” — the U.S. government’s evidence-free report — should raise rather than dilute suspicions. It’s hard to understand how this desire for convincing evidence before acceptance of official claims could even be controversial, particularly among journalists.
... In comments
Glenn Greenwald ↪ Willem
December 31 2016, 12:54 p.m.
It’s very simple: People keep distorting my argument to mean that it’s impossible that it’s Russia, or that I’m affirmatively denying Russia did it. That’s not my argument, so I wrote that to clarify what is my argument.

It’s pretty easy to demand that others ignore widespread distortion of their views, but if it were happening to you, my guess is you’d be more understanding of the desire to correct that.
 
  • #19
Good quote from Greenwald.

My point is that the WP should not be faulted for reporting what was already in place when it was contacted. It repeated "hysteria" already in place in Vermont, that was actually caused by the FBI/Homeland Security's ideas about what constitutes dangerous code. Why isn't anyone faulting the utility company for reporting the code to the authorities? Shouldn't their computer people have known the presence of this code was neither here nor there? Seems like you're being selective about who in the chain you're deciding to say should have fact-checked better.
 
  • #20
zoobyshoe said:
Good quote from Greenwald.

My point is that the WP should not be faulted for reporting what was already in place when it was contacted. It repeated "hysteria" already in place in Vermont, that was actually caused by the FBI/Homeland Security's ideas about what constitutes dangerous code. Why isn't anyone faulting the utility company for reporting the code to the authorities? Shouldn't their computer people have known the presence of this code was neither here nor there? Seems like you're being selective about who in the chain you're deciding to say should have fact-checked better.

If you work in an industry that has been declared 'critical infrastructure' then you don't have much leeway to ignore sending positive findings to DHS from security audits and testing data. Testing was requested by someone, it was done, and one laptop had some random virus from an unknown source that matched the signature (a similarity) of previously found malware. The utility company did its job, and I see no indication the utility was the original source of this story (listed as unnamed government officials), because most companies would never talk to the press about a possible computer intrusion unless it leaked. If someone did, it would be about the last thing they would do for that company if found out.
"Last night, U.S. utilities were alerted by the Department of Homeland Security (DHS) of a malware code used in Grizzly Steppe, the name DHS has applied to a Russian campaign linked to recent hacks," said Mike Kanarick, spokesman for Burlington Electric Department. "We acted quickly to scan all computers in our system for the malware signature. We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems. We took immediate action to isolate the laptop and alerted federal officials of this finding.

The ORIGINAL article.
http://archive.is/8AEHq
A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials.
...
While the Russians did not actively use the code to disrupt operations of the utility, according to officials who spoke on condition of anonymity in order to discuss a security matter,
the penetration of the nation’s electrical grid is significant because it represents a potentially serious vulnerability. Government and utility industry officials regularly monitor the nation’s electrical grid because it is highly computerized and any disruptions can have disastrous implications for the function of medical and emergency services.
 
  • #21
nsaspook said:
If you work in an industry that has been declared 'critical infrastructure' then you don't have much leeway to ignore sending positive findings to DHS from security audits and testing data. Testing was requested by someone, it was done, and one laptop had some random virus from an unknown source that matched the signature (a similarity) of previously found malware. The utility company did its job, and I see no indication the utility was the original source of this story (listed as unnamed government officials), because most companies would never talk to the press about a possible computer intrusion unless it leaked. If someone did, it would be about the last thing they would do for that company if found out.
The ORIGINAL article.
http://archive.is/8AEHq
Exactly. Once the code became associated with Russian hacking there was a whole chain of people not at liberty to question that. That code was found and as that information went through the chain, someone leaked the fact to the media. The Senator was briefed by the State Police. I doubt the State Police were at liberty to question the importance of the code, but why couldn't the Senator fact-check it before speaking to the media? Why couldn't the Governor, before he speechified?

According to what you, and Greenwald, are saying about the code, the real problem seems to originate with the official designation of it as a Russian hacker's fingerprint. (Apparently it can become quite detached from that source and turn up anywhere.) That caused a lot of alarm, and someone leaked the existence of that alarm to the Washington Post. If it ever even occurred to them to check whether the particular code in question was as dangerous as the FBI/DHS claims, I do not know, but tend to doubt it, since there were so many people in the chain required to take that assessment at face value.

I don't fault them for printing the story, though the original headline was sensationalized for maximum clicks, to be sure.
 
  • #23
zoobyshoe said:
I don't fault them for printing the story, though the original headline was sensationalized for maximum clicks, to be sure.

Maybe they should write a news story about the real electrical grid hackers.
http://foreignpolicy.com/2016/07/31...y-imagine-cyberwar-squirrels-rodents-hackers/
Greetings from the front. The cyberwar continues. Our operatives continue to hit infrastructure targets around the globe. In June alone we conducted 44 ops, hitting targets in 26 U.S. states and six countries total. Each operation impacted as many 15,000 people and lasted for up to four and half hours. Of course that’s just our unclassified operations; the actual number of power outages our operatives have caused is 10 times that number.
...
Not that we’re not trying.

And yet we get no respect. We’ve hit the NASDAQ stock exchange twice, as well as the Large Hadron Collider in Geneva. We’ve hit 64 schools, 30 universities, 13 hospitals, six government buildings, four airports, and even two military bases. And yes, our unclassified operations have caused seven confirmed deaths. Despite that carnage, your policy officials still just worry about massive cyberattacks directed by Beijing and Moscow. (Oh, don’t worry: We’ve got agents there too.)
...
Yes, there is a risk to the electric grid from a cyberattack, but that threat is nowhere near the levels of fear, uncertainty, and doubt being peddled by policymakers, threat reduction firms, and cyberwar hawks. If you really want to stop the ongoing, constant attacks on the U.S. electrical grid, there’s an easy way: call Orkin. Until then, we are anonymous, we are legion, we are your unfriendly neighborhood squirrels.

 
  • #27
Anyway...

Greenwald compares this code to a kalashnikov. Anyone can buy a kalashnikov, and the discovery of a kalashnikov does not prove Russian involvement.

That said, however, the presence of a kalashnikov would strongly indicate someone intended to shoot someone.

Does the comparison hold up? What does the presence of that code on that computer mean? Does it mean someone (Russian or not) was trying to hack that computer? What does that code do? Extract information? Cripple it? Other? What would whoever purchased the code be doing in putting it on that computer?
 
  • #28
What is 'Russian'? What does this word mean?
 
  • #29
zoobyshoe said:
Anyway...

Greenwald compares this code to a kalashnikov. Anyone can buy a kalashnikov, and the discovery of a kalashnikov does not prove Russian involvement.

That said, however, the presence of a kalashnikov would strongly indicate someone intended to shoot someone.

Does the comparison hold up? What does the presence of that code on that computer mean? Does it mean someone (Russian or not) was trying to hack that computer? What does that code do? Extract information? Cripple it? Other? What would whoever purchased the code be doing in putting it on that computer?

All good questions, but unanswerable without computer forensics to trigger it or to see what happened (if anything) to it, for some questions. Internal power utility computer network details and what the normal function of the laptop within the company was would be needed for other answers, like: was it targeted (there is no evidence so far it was specifically targeted at the utility), or just general phishing-type malware, or more of a spearphishing operation, or did it use zero-days, as we like to use, that leave little evidence behind?
https://www.wired.com/2014/05/alexander-defends-use-of-zero-days/

What does it mean that a code signature was found?
https://blog.kaspersky.com/signature-virus-disinfection/13233/

If a scan found a positive signature does that mean it's 100% sure some code in the found malware is from a specific malware sample?
Maybe to almost certainly yes depending on how good the signature generation routines and matching routines are. False positives happen all the time with the best software. It's unknown how many total company computers were scanned in this case where only one computer had a positive malware detection.

So many unknowns that the only possible outcome was strange conspiracy stories about why it happened.
http://www.dailykos.com/story/2016/...ernie-Sanders-by-hacking-into-Vermont-utility
Now, you may be asking yourself this question...why would Russia hack into a small utility company in Vermont?
 
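An added illustration of the point made in #29 about what a positive signature match does and does not tell you (and of the related points in #13 about morphed malware and in #34 about an insufficiently selective indicator). This is example code written for this page, not code from the thread, from DHS, or from any vendor; the "files", the strings and the placeholder kit name are all constructed here, and the three rule types are a deliberately simplified stand-in for real signature formats.

```python
"""Toy comparison of three kinds of detection rule over a constructed file set.

Shows the trade-off a defender faces when an alert fires on a shared indicator:
a broad string rule catches variants but also hits benign files (false positives),
an exact hash never false-positives but misses a re-packed variant, and a rule
requiring several unusual strings to co-occur sits in between.
All data below is constructed for this example.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    """A minimal rule: every byte string in `required` must occur in the file,
    and if `sha256` is set the whole-file digest must match as well."""
    name: str
    required: tuple
    sha256: str = None


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def matches(sig: Signature, data: bytes) -> bool:
    if sig.sha256 is not None and sha256_hex(data) != sig.sha256:
        return False
    return all(s in data for s in sig.required)


# Constructed corpus: file name -> (contents, is_malicious).
# 'NEUTRINO-PLACEHOLDER' is a made-up marker standing in for a kit-specific string.
KNOWN_BAD = (b"<html><script>var kit='NEUTRINO-PLACEHOLDER';"
             b"location='/landing.php?id=7';</script>Mozilla/5.0</html>")
# Same tooling, re-packed with a different parameter: the hash changes, the strings do not.
VARIANT = KNOWN_BAD.replace(b"id=7", b"id=42")
CORPUS = {
    "laptop_a_tmp.htm": (KNOWN_BAD, True),
    "laptop_b_tmp.htm": (VARIANT, True),
    "browser_cache_1.htm": (b"<html>Mozilla/5.0 (Windows NT 10.0) GET /index.php</html>", False),
    "vendor_manual.txt": (b"Supported user agents: Mozilla/5.0 and newer.", False),
    "meter_export.csv": (b"meter_id,kwh\n1001,42.0\n", False),
}


def scan(sig: Signature, corpus=CORPUS) -> dict:
    """Run one rule over the corpus and report hits, false positives, precision, recall."""
    hits = [name for name, (data, _) in corpus.items() if matches(sig, data)]
    tp = [n for n in hits if corpus[n][1]]
    fp = [n for n in hits if not corpus[n][1]]
    n_bad = sum(1 for _, bad in corpus.values() if bad)
    return {
        "hits": hits,
        "false_positives": fp,
        "precision": len(tp) / len(hits) if hits else 0.0,
        "recall": len(tp) / n_bad,
    }


# A generic string that appears in ordinary browser traffic and documentation.
BROAD = Signature("broad-string", required=(b"Mozilla/5.0",))
# Two kit-specific strings that must co-occur.
SPECIFIC = Signature("two-strings", required=(b"NEUTRINO-PLACEHOLDER", b"/landing.php?id="))
# Exact whole-file hash of the one sample we have seen.
EXACT = Signature("exact-hash", required=(), sha256=sha256_hex(KNOWN_BAD))

if __name__ == "__main__":
    for sig in (BROAD, SPECIFIC, EXACT):
        r = scan(sig)
        print(f"{sig.name:12s} precision={r['precision']:.2f} "
              f"recall={r['recall']:.2f} false positives={r['false_positives']}")
```

Running it shows the broad rule flagging the browser cache and a vendor manual alongside the two real samples, the exact hash missing the re-packed variant, and the two-string rule catching both samples with no false positives. The practical lesson for a utility or any other recipient of a shared indicator list is the one #29 draws: a match is a reason to isolate and investigate, not by itself proof that a particular actor or even a particular malware family is present; how selective the rule was decides how much a single hit is worth.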
  • #30
Thanks nsaspook. Good, comprehensive answer.
 
  • #33
zoobyshoe said:
Thanks for posting this.

Do you know anything about "Neutrino?"

Really old school delivery system Java code for other malware systems.
Neutrino - exploit kit
Friends, we present for your attention our new product, the Neutrino exploit kit.
I would like to go straight to the description and dwell in more detail on some of the features.

Translated by google as :
******************************************

Neutrino - a bunch of exploits
Friends, we offer you our new product, a bunch of exploits Neutrino.
I would like to go directly to the description and to stay in more detail some of the features.
...
Contacts
Jabber: xxxxxxxx_@_dont_click_xxxxxx.cz
ICQ: xxxxxxxxxx
 
  • #34
When I worked in the power industry, I was considered as a radical reactionary. That was because I considered government (at all levels) as a singularly bad partner in IT and security issues. Today's story linked by @nsaspook seems to confirm my bias.
  1. Information that government shares with industry is low quality. The Grizzly Bear signature sent out by DHS was insufficiently selective to prevent a false positive (neutrino identified as grizzly)
  2. Information that industry shares with government will be mishandled and leaked. In this case it resulted in the Washpost "fake news" that scared the public and reinforces the anxiety that the grid is highly vulnerable. I expect that many fewer people will read and be influenced by the retraction, so the damage can never be entirely undone.
But even more basic, there is an unresolvable conflict inherent in any entity with both offensive (i.e. US Cybercommand) and defensive roles. USA critical infrastructure uses the same basic components as everyone else in the world: Unix variants, routers, hard disk drivers, PLCs, and so on. It is Cybercommand's duty to have the ability to penetrate and bring down the computers of any/all bad guys in the world. In practice, they can only achieve that if they have the capability to bring down anything anywhere, owned by bad guys or good guys. Therefore, I am forced to assume that any standards, software, or other information received from government has been mandated by Cybercommand to be compromised. Government cannot tolerate secure computing because bad guys will get their hands on it. I see no possible way to resolve that conflict.
 
