Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The "IA" in DoD is generally the NSA. The NSA is made primarily of two different camps. SIGINT is their offensive side aka "hack the planet". The Information Assurance Directorate is the "blue team" who tries to protect government infrastructure.


The overall, top-level IA people who set the standards and procedures that must be followed are NSA. However each department and organization is responsible for having professionals who understand the policies and can follow the rules.


They don't really have to follow the rules. They just have to drag their feet long enough for your project to die.


True, but this project will not be allowed to die. So we will see what happens when the proverbial immovable object (IA) meets an unstoppable force (people with stars on their shoulders).


See what happened to Michael Flynn. He had three of those stars on his shoulders and the IC pretty much wrecked him.


So when the NSA publishes SELinux, do we get to know whether it was red or blue team?


Well the flask security architecture (about 10 years of research that culminated in what is now SELinux) was written specifically for Information Assurance by IAD so... Blue Team.

They use this internally.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: