U.S. Cybersecurity Not So Secure?
freaktheclown writes "According to CNet, 'government auditors have been saying that Homeland Security has failed to live up to its cybersecurity responsibilities and may be 'unprepared' for emergencies.'" The article discusses FEMA's handling of relief efforts for Hurricane Katrina and how a very similar situation exists with electronic security measures in the U.S. In addition to a conjecture the department of cybersecurity has been "plagued by a series of damning reports, accusations of bureaucratic bungling, and a rapid exodus of senior staff that's worrying experts and industry groups."
That's what happens when unqualified people.. (Score:5, Insightful)
Yes, unqualified people performing serious jobs leads to nothing but problems.
Philippine Intelligence Agencies (Score:1)
Whoopie! Maybe Haiti will have a mole in the NSA?
Re:Philippine Intelligence Agencies (Score:1)
Or, more importantly, what's the Philippine GNP?
Re:That's what happens when unqualified people.. (Score:5, Funny)
Careful now, that sounds a bit like TERRORIST talk to me...
Re:That's what happens when unqualified people.. (Score:3, Insightful)
I think those things are very intertwined. Whenever there is a governmental mistake, or failure to accurately foresee the future, accusations start flying. The media Queen of hearts shouts at everyone, "Off with their heads". No wonder there's an exodus of senior staff.
Help Wanted:Anyone want to fill the 'scapegoat' position? I didn'
Re:That's what happens when unqualified people.. (Score:4, Insightful)
Except in the United States the media does not seriously question the government. That is why the Bush administration was able to preside over several of the worst incidents in American history, and have emerged basically unscathed.
Re:That's what happens when unqualified people.. (Score:2)
The Bush administration was able to quite quickly attribute the 9/11/2001 debacle to Saddam bin Laden. The 10/2001 Metro DC sniper team was relatively quickly captured, considering the population and traffic density. But the perpetrators of the deadly anthrax letters of 11/2001 have never been caught.
Those deadly anthrax letters were not directed to members of the Bush administration, nor to their neo(Con)artist supporters
Re:That's what happens when unqualified people.. (Score:2)
I really wonder sometimes what they put in the USA drinking water
Or perhaps it's the mercury in the vaccines (google for thimerosal). Mercury is not so good for the brain.
Re:That's what happens when unqualified people.. (Score:2, Insightful)
Now, considering how wrong you were with your first couple of sentences, I'm not going to bother with the rest of your post, since it is probab
Re:That's what happens when unqualified people.. (Score:3, Informative)
I find it amusing that the Right Wingers out there have latched on to this mantra of "Democrats believe the Bush caused Katrina, what idiots".. I couldn't figure it out at first and then I realized that this was an unclever ploy to make Liberals look stupid somehow.. except that I couldn't find any Liberals actually ever even IMPLYING Bush was responsible for "causing" Katrina..
What Liberals were saying (right or wrong) is that it wasn't handled appropriately and Bush even agreed and took responsibili
I'm not the CyricZ from GameFAQs. (Score:3, Interesting)
In any case, the mainstream media puts up token opposition. But it's not true opposition in any way. I mean, does NBC really want to point out his flaws? Probably not, considering they're owned by General Electric. And Ge
Re: I'm not the CyricZ from GameFAQs. (Score:2)
And even that has only started in the past 6-8 months. For the most part the media has given GWB a free pass on account of 9/11. But he has taken advantage of it for too long, and the country's too obviously headed down the wrong path, so the media, the comedians, and even some of the Democrats are growing enough spine to make some feeble noises now and then.
When the straw that breaks the camel's back comes along, there's going to be a shit-sto
Re:That's what happens when unqualified people.. (Score:4, Insightful)
Re:That's what happens when unqualified people.. (Score:2)
Just curious....What color is the sky on your planet?
Re:That's what happens when unqualified people.. (Score:2)
" Around these here parts the sunrises are colored Murdoch, the sunsets O'Reilly.
The sad thing about the mindless sheeple like you is that they're too busy squawking the party line to realize that the world's done gone and moved on. Even CNN goes begging for conservative viewership these days."
Now, if you'd step away from your corporate media and brush the rust off your brain, you'd notice that the Bush administration has left our country smashed almost beyond recognition. Harder to look at
Re: That's what happens when unqualified people.. (Score:2)
> Just curious....What color is the sky on your planet?
Heh. "Blue" sounds like a doubly appropriate answer.
Re:That's what happens when unqualified people.. (Score:2)
Re:That's what happens when unqualified people.. (Score:5, Insightful)
But that's not what happens -- the media doesn't scapegoat invisible public service employees who've been dutifully showing up doing their job every day for 30 years. Those employees make it through scandals in administration after administration, because everyone knows the agency will not function without them -- occasionally one may be scapegoated internally, but they don't have any "sex appeal" to the media.
This recent wave IS very different, because it is one of the first times that these guys do seem to be resigning in large numbers -- not because of "media pressure" (the media doesn't even know who these guys are), but because of inept cronies being put in place above them, and then the cronies not being smart enough to realize the career professionals should be running the show.
That's exactly what is happening with the CIA right now, where guys who have happily served both Republican and Democratic administrations for decades are suddenly being dictated to on how to perform their jobs by people who are barely qualified to operate the paper shredder.
"The Media" isn't pushing out the senior CIA officials, the Bush administration is, the same way they pushed Whitman out of the EPA (I mean, geez, the Republican governor of New Jersey is "too liberal" on the environment? Reality check! That's as crazy as suggesting a quadriplegic veteran isn't patriotic!)
Re: That's what happens when unqualified people.. (Score:2)
And operating a paper shredder appears to be a very important skill for Bush appointees.
Re:That's what happens when unqualified people.. (Score:2)
"Opinion of" and "Patriotism" do not necessarily correlate; though that is the meme that came from the cheerleaders for the Iraq war, revived from the Cold War. I consider myself to be reasonably patriotic, but my opinion of my country (the U.S.) is that it's in the toilet. If I weren't patriotic I would care a lot less about that.
-chris
Re:That's what happens when unqualified people.. (Score:5, Funny)
>
> Yes, unqualified people performing serious jobs leads to nothing but problems.
You miss the point. The purpose of cycling senior people through the bureaucracy isn't because the bureaucracy's ineffective, it's because it's the gateway to a consluting career with the bureaucracy. That's how the Aristocracy of Pull works, and it works the same way whether the Jackasses or the Elephants are in charge. (The only catch is that you can only pull fellow Jackasses (or Elephants) through the door -- and because your tribal totem isn't going to be in charge forever, whenever your gang's in charge, you're obliged to bring the maximum number of fellow gang members through the door as possible during your time in charge.)
To recap:
1) Cultivate enough pull to get a cushy appointment.
2) As a courtesy to the last guy to hold your post, hire him as a conslutant at double his previous pay.
3) Continue to be ineffective -- preferably so ineffective that you have a good excuse to resign in "disgrace" within a year or so. This frees up the slot so your boss can reward another guy with pull.
4) Get hired by the new guy at half the political liability to your friends, and at double the pay.
5) PROFIT!
The less effective the bureaucracy, the more people can be run through the revolving door during the course of a given administration, and the more taxpayer dollars can be looted in the process. And because pull is proportional to dollars looted, the system creates its own incentive. Launder, rinse, repeat.
Re:That's what happens when unqualified people.. (Score:2)
Re:That's what happens when unqualified people.. (Score:5, Funny)
This is one of the most insightful typos I've seen on slashdot.
Re:That's what happens when unqualified people.. (Score:4, Funny)
Not just "unqualified" but also "political". (Score:3, Insightful)
"Unqualified" can be handled by finding and hiring qualified assistants / advisors / etc.
What we have is a situation where an unqualified person is put in charge of an agency and spends his/her time there working on his/her political connections using the agency's resources. So, over time, the agency is less capable of handling its mission than it was when that person started.
But that's how our current politicians reward those who've helped them get into off
Re:Not just "unqualified" but also "political". (Score:2)
Becoming qualified makes you qualified. (Score:3, Informative)
And that used to be the way these things were run. The head of the agency was a political appointee. But s/he had long term professionals working for him/her. Those professionals worked for multiple administrations and were not involved in the political games. They did their jobs and were the experts in their fields.
Check TFA and you'll see where it's talking about those profes
Re: Not just "unqualified" but also "political". (Score:2)
Yeah, that's why on my job applications I always put "CEO" in the "Position applying for" field.
Re:That's what happens when unqualified people.. (Score:3, Informative)
Re:That's what happens when unqualified people.. (Score:2, Funny)
Re:That's what happens when unqualified people.. (Score:1)
You don't know sh*t about the problem, so it MUST be what ever BS idea pops into your head.
Then you get modded as "insightful" by equally simple-minded moderators.
Amazing.
First post? (Score:2, Funny)
That's like jumbo shrimp!
Security Through Obscurity is my motto (Score:5, Funny)
Re:Security Through Obscurity is my motto (Score:2)
Re:Security Through Obscurity is my motto (Score:1)
99% of the web users out there will automatically block them out, giving you quite a bit of security.
Re:Security Through Obscurity is my motto (Score:4, Funny)
--
Use your bluetooth phone as a modem for Linux [arpx.net]
/~1234/index.html (Score:1)
The root cause? (Score:4, Funny)
It isn't so much Microsoft as the method... (Score:1)
Duh! (Score:2, Troll)
Re:Duh! (Score:2, Insightful)
Re:Duh! (Score:2)
The People could, but they're complacent and lazy. Your best bet is to defend your island of data and have a plan for when everything else goes to hell.
Education (Score:2, Insightful)
Re:Education (Score:1)
I have gone all Linux & BSD on my home machines, but I had Windows for many years before that AND NEVER HAD 1 F***** VIRUS, CRACK, OR ANYTHING OF THAT NATURE happen to the machine and I had no AV protection. My friends and family asked "How? What AV Software you use?" I said "My Brain." Education is the first thing in this matter all the way.
I just cannot fathom how people have a deal about a $%$%$FREE ip0d9$)#($#$, then it says go to a web page, and download so
User Education is an Unrealistic Fantasy (Score:1)
If it's a system of users on a network of a non-500 company, then mass education and mandatory training of employees just WILL NOT happen.
So, what's the realistic answer? Real tech troubleshooters. Yes, real-- because there are plenty of admins out there that are so jaded with users that they won't even help them as much as they need to be helped.
What is needed is a scramble crew of techies that
Not sure about those comparisons. (Score:2)
I expect people pay for software/hardware with the idea what they are using should "just work" (assuming they are following the proper operating procedures). Maybe marketers should stop spreading this idea and be more realistic if it's not true.
Many people treat their cars this way. They know how to drive them, but not how to fix the
Re:Education (Score:2)
Maybe we should get a copy of Moodle installed somewhere and put up some cyber security courses, K-Ph. D. levels should cover it.
How important is it REALLY? (Score:4, Insightful)
And what good is a "federal overseer" when they have no jurisdiction over half of the network?
I say that we're no worse off for not having a top-dog. It's a meaningless, ineffective position. Why spend the money on it, much less promote the position to a direct report under the DIRHSA?
Re:How important is it REALLY? (Score:1)
This is my logic to have an international control of the Internet (predominated by the US).
But in terms of what they could do, did you really think they could bring down the Twin Towers? I mean, I figure that they can be pretty darn creative if they put their minds to it. And they seem to have decent monetary backing.
That was known years ago. (Score:5, Insightful)
But planes are physical objects. They cause physical damage. Normal, healthy people can be killed from physical damage.
What's the very worst that can happen if the Internet goes down?
That's not a rhetorical question. Think of the worst situation you can and then think of whether it would be better/safer to not have the Internet connected to whatever it is. Nuclear plant cyber-attack? Why have them on the 'net in the first place? Dam flooding a town? Same thing.
The first thing any "cybersecurity czar" should be doing is making sure that the potential for damage is reduced.
If the worst thing that they can do is to steal your identity and money online, then you're "safe" in that it won't kill you or physically cripple you.
But that takes thought and expertise in evaluating the real threat.
Re:That was known years ago. (Score:3, Informative)
Re:That was known years ago. (Score:2)
Somebody somewhere panics and shoots off a bunch of nuclear missiles. Billions die, but I survive.
Now it's a race to see if I die from radiation or starvation. Good thing I have all this extra body fat. Once that's gone, I'll have the corpses of my family and my pets to eat.
Dang, radiation sickness really sucks. The other survivors all have it too, so I'm able to successfully fight them off for my share of the remnants of society.
Fina
Re:That was known years ago. (Score:1)
It's about keeping the computers that run things safe, whether or not they are on the internet.
Granted, in most cases they can be made safe by removing remote access and restricting physical access to them.
Re:That was known years ago. (Score:1)
For the sake of argument, let's assume that it wouldn't cost any lives. It could easily cost tens or hundreds of billions of dollars. This is where logic breaks down for most people. They are unwilling to equate lives to dollars. But lives *are* dollars, and dollars *are* lives. That's the whole purpose of money, to serve as a paper representation of everything a person needs and can hope to achieve in his life. Dollars buy medicin
Re:That was known years ago. (Score:2)
Exactly so!
Prior to the first Gulf War when Saddam bin Laden invaded Kuwait and King George 1st retaliated, the Islamic Republic of Iran was busy making mischief in the Persian Gulf -- mining the waterways used by the oil tankers sailing out of Iraq, Kuwait, and Saudi Arabia, as well as threatening the NATO ships in the region with Chinese supplied Silkworm missiles. The US Navy shot down an Iranian commercial aircraft over the Persian Gulf because i
Re:How important is it REALLY? (Score:2)
All powerstations are down for days, lots of people die at hospitals all over the country. Other people die due to no light/AC/heat/water "even worse" ... billions lost due to companies that can't do anything, no one can travel due to gas stations not having power (thus no food gets to stores), stocks go down the toilet bringing even more economic damage.
But, yeh, fuckit ... you've got virus protection right
Re:How important is it REALLY? (Score:2)
Hospitals going dark? Patients dying without power? I'm sorry, you must have missed the last couple of decades where virtually every hospital and almost all major clinics in the country have standby diesel generators. Hell, not only the ordinary office buildings and hotels around here but even the freakin' PARKING RAMPS have generators now, lest the power should go out and trap Jim-Bob in an elevator for
And yet with GLB/HIPAA/Sarbanes-Oxley (Score:3, Insightful)
Let he who is without sin...
Hire new people asap and get creative (Score:2)
"I sure wouldn't take that job," "It only has a downside."
"It's been a mess for over four years, and hopefully the new folks will fix this,"
"In the previous incarnation, DHS and the Homeland Security Council didn't really know what to do with cyber--it's been a deer-in-the-headlights experience for them,"
"Cybersecurity clearly fell off the radar screen when they set up the department, and the department is trying to find its way,"
"the nation is a
Re:Hire new people asap and get creative (Score:2, Insightful)
the ownership vs. threat info gap (Score:5, Insightful)
One group (govt) may understand the threat, but is clueless on the operations side. The other group (owners) don't have the classified intelligence data on the threat, but do know the operations side of the network.
Until the two sides share both info and operations knowledge, cybersecurity isn't possible.
Who wants a top-down solution anyway? (Score:5, Insightful)
Brrr.
Re:Who wants a top-down solution anyway? (Score:2)
If they're really "responsible", why not? (Score:2)
I don't mean just saying "I take responsibility".
Responsibility means that you pay the consequences.
If someone cracks my systems at work and gets away with customer data, I'm the one they fire. I'm "responsible". But I don't see anyone in our government actually being "responsible". That's the whole purpose of bureaucracy. The "responsibility" is diffused until it doesn't exist in sufficient quantity with any one per
Re:Who wants a top-down solution anyway? (Score:1)
Don't get me wr
Re:Who wants a top-down solution anyway? (Score:1)
TFA: "the nation is applying Band-Aids, rather than developing the inherently more secure information technology that our nation requires."
The popular + IT/tech press: more and more statements like this lately...
Quadraginta above: "Goodness, who wants the Federal government to be responsible for general IT security in this country? I mean, let's just think carefully through the kind of power over the network they'd need (or say they need) to be given to achieve it."
Put the clues together, here. Or m
Re:Who wants a top-down solution anyway? (Score:2)
"And there fhalle be no portf open by default."
or something.
DHS bit off more than they can chew (Score:3, Insightful)
Re: DHS bit off more than they can chew (Score:2)
A history of unfavorable gov't security reports (Score:5, Informative)
Much of the Federal government has a sub-optimal track record in the security arena. In March of 2004 Rick Forno published an article (with links) that summarized Uncle Sam's security issues:
The farce of federal cybersecurity [securityfocus.com]
(That's the title Rick used, btw.)
Of course, they are not ready (Score:1, Insightful)
wish they would stop using the word "cyber" (Score:2)
Re: wish they would stop using the word "cyber" (Score:2)
You are so cyber-right about that!
same ole same ole (Score:2)
Common sense, does it exist? (Score:2, Insightful)
Similarly, the Bush administration ignored the valuable information it received from Richard Clarke and even their own Condoleezza Rice.
Re:Common sense, does it exist? (Score:2)
Though I agree with your points, it's important to realize that there are other contributing factors to both the hijacking and why cockpit do
Authority grab is the problem (Score:3, Interesting)
FEMA can do nothing but react to an event and throw more debt at the problem. Unfortunately this leads to problems down the road - not only does it push the federal government closer to insolvency - but it leads to all kinds of expectations on the part of locals who develop the "we'll just sit back and wait for the calvary" mentality. Not only this, but you end up with gross inequity in the response: federal dollars to New Orleans for Katrina are already about 5 times the aid sent to Florida for four hurricanes combined. FEMA has given out some $600,000,000 in "emergency cash disbursements" so far, with many people upset that only the first 10,000 or so were given $2,000 cash cards. New Hampshire recently saw a few hundred people flooded out and it wouldn't shock me in the slightest if some of them file lawsuit under the equal protection clause asking for $2,000 cash cards, FEMA-paid apartments around the country and the like.
Local emergencies should be handled by city, the county, the state and then the federal. In that order. And the federal should not be allowed to call any of the shots: they should provide resources only but all decisions should be made by the local leaders.
Re:Authority grab is the problem (Score:1)
Re:Authority grab is the problem (Score:2)
The difference between Madison's federalists and Jefferson's anti-federalists. I believe in a weak federal government under the theory that there is less accountability at the federal level which makes abuse easier and more widespread.
Do I believe they will buy into this? No. Just a beautiful dream.
Re:Authority grab is the problem (Score:2, Insightful)
By your proposal every single locality in the United States needs to have experts i
Re:Authority grab is the problem (Score:2)
Typo? Perhaps not.
In fact, that is how it is handled, more or less.
Re:Authority grab is the problem (Score:2)
I'm not really sure that I agree with this. The major efforts to rebuild New Orleans were conducted by Army engineers, and military hardware was a big part of multiple efforts. It's not appropriate to turn over control of military hardware and manpower to local authorities, given that a great amount of coordination is needed to use available tools most efficiently. That in turn means that some central a
Re:Authority grab is the problem (Score:2)
Checklist for fixing ALL cybersecurity problems (Score:3, Interesting)
If the Department of Homeland Paranoia were to implement such a system, I feel confident they'd score an A on their next evaluation, and would be as close to invulnerable as you can be using a computational system. People may disagree - and probably will - but I'd like to know where they think they'd be able to break in.
And when you inevitably fail ... (Score:2)
... you still need recourse. You can't expect that all IT solutions will be 100% secure -- some engineer/administrator along the way will make a mistake. And worse, there's still the human element: even if you plug all the holes, those on the inside can still steal or misuse information stored on the very secure platforms.
So what's the backup, that recourse? Log all events on your network: TCP/IP connections, transfer statistics, event logs, syslogs, web server logs, mail logs, DB logs, etc. Make su
The problem with Federal computer security (Score:2)
NIST, part of commerce, has come out with good documentation on information security. They have also created guides on host OS security duplicating NSA & DISA efforts.
DISA, an agency within DOD, is the proponent for the Security Technical Implementation Guides (STIGs). These STIGs are the best, most updated guides on technical security within the US govt, and mandatory for DOD components.
NSA, an agency within DOD, is th
Let's Save Time (Score:2)
Re:Let's Save Time (Score:2)
they need to be prepared for an emergency (Score:1, Funny)
1,000,000 emergency email clients
100,000 fast-deploying RSS readers
5,000,000 excel-compatible spreadsheets (they might have to tap foreign companies to produce this)
20,000,000 Windows-compatible operating systems
plenty of duct tape
Thankfully, DHS has already executed several successful evacuation drills:
1) with coordination from the major tier-1 ISPs, we can evacuate up to 1 terabyte per day from the maj
What is their purpose? (Score:1)
US changed or under panic? (Score:2, Informative)
Appointments in other areas haven't been good (Score:2)
It's a real problem. The President's key job is to appoint the top people in the federal government, about 3000 of them. That determines how well the Gove
Re:Who qualifies (Score:2)
If a tree falls in the forest, does it make a sound?
Is it really a server if its not connected to a network?
Re:Who qualifies (Score:3, Funny)
Re:Who qualifies (Score:2)
Re:Who qualifies (Score:2)
Re:Who qualifies (Score:2)
Exactly but what doesn't help is when one sub-department of HLS says don't use IE6.0 it's insecure for the average user and another like FEMA says you must use IE6.0 to access this site and get emergency money. In the military there is a saying that goes "A poor plan well executed is better than a good plan poorly executed". The feds are showing numerous signs of poor execution, if they can't decide if we can use IE6.0 or not inside one department, it bo
Re:culture of corruption == incompetence (Score:3, Insightful)
I'm a lesser evilist. No love for the DLC, but they are significantly easier on the long term health of the country and the standard of living of the lower income 99% of the population. Pop quiz: Who balanced the Federal budget and in what year? Question 2: Under which post WWII administration was the most national debt accumulated?
> Do yourself a favor and stop being an
Re:culture of corruption == incompetence (Score:2)
If Flash plays on a filtered web browser with nothing to view it, is it really playing?
Re:Homeland Non-Security (Score:3, Insightful)
* The DMCA
* The PATRIOT act
* The increasing biocontrols at air and sea ports
* Mandatory fingerprints for all US citizens entering or leaving the country
* The scary ability that US police shows portray of any US citizen being seconds away from a database search, and the apparent acceptance by Hollywood that this