Computer Security Lacking at Homeland Security
peter303 writes "The New York Times (reg. required) reports that computer backup procedures are woefully inadequate at 19 centers of the Department of Homeland Security. Should this agency strive to be a good example for the rest of the country and protect against extreme hackers?" From the article: "Adequate backups were lacking for networks that screen airline passengers, that inspect goods moving across borders and that communicate with department employees and outside officials.
Those same agencies, the auditors found, have in most cases failed to prepare sufficiently written disaster recovery plans that would guide operations if a main office or computer system was knocked out."
HA! (Score:2, Funny)
Re:HA! (Score:3, Funny)
Re:HA! (Score:2)
Re:HA! (Score:4, Funny)
Re:HA! (Score:3, Funny)
The ministry of truth.
The department of homeland security.
DoD? (Score:1)
Re:HA! (Score:2)
"The ministry of truth.
The department of homeland security."
I still get the impression that the name implies a salute using a stiff palm raised high. Maybe with a little Wagner playing in the background.
What moron thought that was a good name?
Re:HA! (Score:2)
Re:HA! (Score:2)
Yes, that was the joke. I know I'll sleep better tonight knowing that you got it.
LK
And for those of us who don't want to register.... (Score:2, Informative)
Re:And for those of us who don't want to register. (Score:2)
Re:And for those of us who don't want to register. (Score:2)
078-05-1120
Re:And for those of us who don't want to register. (Score:2)
The Social Security Administration is reviewing our records and it appears you information for SS# 078-05-1120 is out of date.
Please reply to update with your correct date of birth and home address.
Sinceerly
Social Secureity Dept.
Re:And for those of us who don't want to register. (Score:1)
. . . or some punk hijacked the password!
I'm torn... (Score:4, Insightful)
It is wrong that they don't have backups. However, a lot of this data is stuff that I want to be on a server that crashes hard, without backups. Preferably in such a way that even disaster recovery places can't get the data back.
Re:I'm torn... (Score:2)
If another 9/11 happens do you want them to be able to look at their records? What if they are fsck'n the system on our dime?
Just store them on a backup machine nicknamed "Deep Throat".
Re:I'm torn... (Score:2)
Re:I'm torn... (Score:1, Flamebait)
Um... because you'd rather that security is handled by systems that can mine for threats in real time, all the time, so they don't have to worry about it? Or, because you're really not worried about the foreign national who's overstayed his visa, but who took pilot lessons, just spent a couple of months touring the scenic
Re:I'm torn... (Score:2)
Re:I'm torn... (Score:2)
As much as they're functioning as an evil entity ....
If they are going to gather information which will be used to imprison people, strip them of their rights, or all of the other things they are doing, it behooves them to have accurate records.
Otherwise, what happens when they
Who needs good security on homeland computers? (Score:3, Funny)
Dry humor (Score:2)
Re:Who needs good security on homeland computers? (Score:4, Insightful)
Basically the only people who want to hack homeland security computers would be terrorists.
...and UFO researchers [slashdot.org]. Don't forget UFO researchers.
;-)
Seriously, though, I'd tend to blame "hacking" like this on the intelligence and security services of foreign powers (and their domestic servants, etc) before I blamed terrorists. Terrorists tend to prefer, well, terror, preferably against a multitude of frightened civilians.
Re:Who needs good security on homeland computers? (Score:2)
You mean like these [wikipedia.org] people?
Re:Who needs good security on homeland computers? (Score:1)
Perhaps. But we cannot just point the finger immediately as soon as a computer does get cracked. And the fact that crackers can use anonymous proxies and the like to carry out their attacks doesn't necessarily mean that they'll get caught right off the bat. And we all need good security in any case, really. No one wants a systemwide failure, period. That motivation at least should be enough to upgrade Homeland Secu
Re:Who needs good security on homeland computers? (Score:1)
Unfortunately, I think that quite a few people who aren't "terrorists" per se would be more than happy to try to hack into homeland security computers. Why? I'd imagine it's quite an accomplishment to claim, from certain points of view. Plus, there are certain people who are anti-government but not exactly anti-American
Re:Who needs good security on homeland computers? (Score:2)
So is it fair to say that someone who has a problem with the US Dept of Homeland Security is a terrorist sympathizer? Or even has terrorist tendencies?
It's all an Illusion (Score:5, Insightful)
Same here...they pretend to try to catch terrorists when in reality the next power failure could knock the whole list out.
Re:It's all an Illusion (Score:2)
Re:It's all an Illusion (Score:2)
Re:It's all an Illusion (Score:2)
It's not about security, only the perception of it (Score:5, Insightful)
Yep. That's because no one is looking at the systems and processes with the intent of actually improving them.
Instead, we have knee-jerk reactions from people who do NOT understand security who attempt to compensate for previous attacks with new rules/regs.
And the "pretend" is the problem. That's exactly what they're doing. And they're hoping that the public will accept that as them actually doing something about the problem.
It's all about the public perception of the issue.
The same as it is in all aspects of politics.
As long as there isn't a power outage, they're doing a "good" job, as far as the public is concerned.
If there is a power outage, then it comes down to whom they can blame.
It's a lot easier and far more cost effective for the politicians to be re-active rather than pro-active.
Which is why security is NOT something that ANYONE should allow a politician to be involved in.
Re:It's not about security, only the perception of (Score:1)
I think this is my favorite part. SOP is to appoint a panel and narrowly define their charge. Extra points if the committee doesn't have subpoena power.
After a year or so, the panel finds that no single person is to blame, and that the "culture" needs to change. They write a report. Maybe people read it. The report goes on a shelf. Nobody loses their job. Eventually, things will hit the fan again and a new panel can be appointed. Witne
Re:It's not about security, only the perception of (Score:5, Insightful)
Security? The same argument may be applied to politicians running the economy and creating legislation and regulations, too.
Perhaps we ought to look into education so our peasants aren't so damn gullible to the wiles of politicians.
Re:It's not about security, only the perception of (Score:2)
Re:It's all an Illusion (Score:3, Interesting)
Seriously - that was the biggest disappointment about the shoe-bomber case. If he'd only smuggled the bomb up his ass, the simple act
It's not just America (Score:2, Interesting)
Governments are hopeless at dealing with security. They are slow, lack innovative thinking and care more for their own careers than for their constituents. What matters m
Re:It's all an Illusion (Score:2)
Considering that IMO probably 98% of all the people in the world should never be seen naked I'd vote for gouging my eyes out, I think.
On a happier note, it's also my opinion that the remaining 2%
Re:It's all an Illusion (Score:3, Interesting)
The main problem will be to get the guy so drugged he won't care about the stitches/pain yet will still be able to physically board the plane.
It'd be even better to use a post-partum woman. She'd already have a lot of room and wouldn't really require surgery to implant the explosives. It'd be hard to get a woman rec
Re:It's all an Illusion (Score:1)
Re:It's all an Illusion (Score:3, Insightful)
Re:It's all an Illusion (Score:2, Insightful)
Re:It's all an Illusion (Score:2)
There is nothing about these security checks that is going to stop a real threat. It is a chance to spend money (power) and hire people (influence) to keep up employment (but not a public works program because it's security and military--wink, wink). Making people wait in line is just training for our glorious future. Does it matter what you call your government if it just plane sucks?
I see absolutely NO concern about terrorism from this government. I just see window dressing. Terrorism should b
And this matters how??? (Score:3, Interesting)
It's easy to pick holes in the lack of backup of a system, but it's pointless when the system has no utility to begin with.
Moderators, please mod parent up. (Score:2)
Re:And this matters how??? (Score:2)
Striking coincidence...
omg!!11! (Score:1)
Say it ain't so!
Careful What You Wish For (Score:2)
Re:Careful What You Wish For (Score:2)
But wait! After Pearl Harbor Roosevelt didn't say 'Let's go shopping!'. Which is precisely what Bush Cheney said after 9/11 so maybe you are right....
Re:Careful What You Wish For (Score:2)
It's probably going to take a Pearl Harbor style disaster for them to do something...
They are doing something. They're taking a pile of your tax dollars and using it to collect information on you while simultaneously giving huge amounts of money to all sorts of ex-cons and ex-govt officials in a variety of security industries. Or did you mean you wish they would do something about improving their computer security or inconveniencing terrorists. Fat chance of that.
They did wake up! (Score:2)
They only have to post his information on their servers and the hackers will stay away.
Re:Careful What You Wish For (Score:2)
The increasing diplomatic confrontations and economic sanctions against Japan by the United States and others, compounded by Japan's undeclared war in China and the weakening of European control in Asian colonies, precipitated the war in the Pacific.
You can find this information here: http://www.mindef.gov.sg.nyud.net:8090/safti/p [nyud.net]
Re:Careful What You Wish For (Score:2)
If you don't know how to do it... (Score:3, Insightful)
DHS has computer problems, sure, but the agency as a whole is a misguided waste of resources. It's probably better that its computer systems don't work, otherwise they'd figure out a way to stop Ted Kennedy from driving or using an elevator in addition to not flying.
Re:If you don't know how to do it... (Score:2)
Add that the only agencies that could ever hope to get funding to do a computer system properly are not under DHS. The CIA, NSA, somewhere deep in the DoD, etc., they probably get the resources they need, but DHS is a cost for Congress to budget without immediate intelligence or defense benefits like spy satellites or cruise missiles.
Probably the biggest challenge for DHS is not computers, either, as it is probably raw manpower. Thousands of miles of borders, compounded by interdependent economies, isn'
Re:If you don't know how to do it... (Score:1)
Mary Jo Kopechne might not think that that's such a bad idea.
This could really suck... (Score:5, Insightful)
"I'm sorry, Sir, you can't board. Our screening system is down."
"I've got a ticket. I've shown you my papers. You (and every RFID hacker within 50 feet of my entire path through this airport) have scrutinized my RFID passport. I've given my decilitre of blood for biometric screening. The plane is about to close door and push off. I'm returning home after 18 months dodging RPGs and Kalashnikov fire in Baghdad, and I'm still in uniform. And you're telling me I can't board because you can't be sure I'm actually not bin Laden in extremely clever disguise?"
"No, Sir, I'm telling you that you can't board. Our screening system is down."
"This is unacceptable. Who is your supervisor?"
"That is classified. Please wait here." [whispers into radio: "Got another Gitmo client for ya."]
Could? (was Re:This could really suck...) (Score:1)
This really tweaks me... (Score:2)
The above scenario really pisses me off, and it is a scenario that I see has a real probability of happening, all the more so because of the moronic alarmist intimidating position that the powers that be have taken about this whole national security thing. (Something similar, though not necessarily technology related happened during the "war" in Afghanistan when a wounded army Lt. was told he could not bring the wire clippers, that he could use to cut the wire holding his wounded jaw shu
Re:This really tweaks me... (Score:3, Insightful)
I'm not talking about special treatment nor do I think hassling members of the military is necessary. I suppose it comes down to the fact that I don't think anybody should be treated like that.
The real problem I have is that
But George said it was OK! (Score:2, Insightful)
What do backups have to do with security? (Score:3, Interesting)
Re:What do backups have to do with security? (Score:2, Informative)
Re:What do backups have to do with security? (Score:2)
Exactly.
While backup processes are related to data retention policy, and such policies are related to security, it's a gross oversimplification to assert that "NO BACKUPS = NO SECURITY" as Submitter has done.
Re:What do backups have to do with security? (Score:2)
(scratches head)
1. If you don't know what you had you don't know if what you have has been screwed with.
2. If you do get screwed with, it's critical to be able to restore from a known good system. Otherwise, game over; you have to rebuild from scratch and guess about what has/has no
Anyone Surprised? (Score:1)
Re:Anyone Surprised? (Score:2)
Some do really well. My state's website is awesome. I found out how to start a sole proprietorship and do sales tax within a few clicks of the mouse. It also helps my state has awesome laws for sole proprietorships and sales tax (no business license and a single page return for state and county tax!).
Sometimes, how a state government presents itself shows the overall health of that state. My state has a v
"Extreme Hackers"? (Score:4, Funny)
People who crack Windows boxen while bungee jumping? Releasing IIS worms from a wi-fi enabled handheld in a canoe half-way down some whitewater rapids?
Or, y'know, just yet another pathetic attempt to make something fundamentally known and understood sound suddenly somehow exciting and dangerous?
Oh, and for reference? The "Extreme Hacker" your link's about was a 37 year-old script kiddie who Haxx0red US government machines direct from his own home connection.
You couldn't get stupider (and less '1ee7) if you tried...
Re:"Extreme Hackers"? (Score:2)
Re:"Extreme Hackers"? (Score:2)
I thought the whole point of leetspeak was that you proved how much of a rebel you were by intentionally disregarding restrictive and arbitrary rules... like spelling, grammar and basic comprehensibility...
Look (Score:3, Insightful)
Is anyone really surprised that the Bush administration has done nothing significant right in the War on Terror?
The agencies still can't communicate, they're security holes in themselves, our resources are diverted to a fanatical war in Iraq that has nothing to do with terror in America, and we find that the greatest threat to the safety of Americans today is the lies the President told or ordered to be told in order to get 1500 kids killed in a place he admits we had no pressing reason to attack.
This isn't a troll. It's a list of the facts. Anyone disagreeing can disagree, but will be fighting the truth. Consider that before posting political dogma.
Re:Look (Score:3, Insightful)
You don't have a clue about the facts. The Agencies DO co-operate (as indicated in the way some of the terrorists wannabes and funding sources have been rooted out here in the States), but they don't co-operate as well as they could. Do you really expect to change 25 yrs of Civil Servant attitudes in less than 4 yrs?
The War in Iraq has a LOT to do with terrorism. Saddam and his Baath party provided sanctuary, training camps and funding for Al-Qaeda. To deny that is to den
Re:Look (Score:2)
Maybe you should read the 9/11 Commission's report.
Shortpoint: Iraq had no ties to Al-Qaeda, Bin Laden considered Saddam a foe rather than a friend.
The key phrase there is had no ties. Al-Qaeda seems pretty well integrated into Iraq now. Go us, I feel safer already. While Iraq is serving as a kind of lightning rod for terrorist activities, how long can it last?
Re:Look (Score:1)
Filthy liar! Here's just one thing [lessig.org] that the Department of Homeland Security has done to protect the homeland from terrorist threats. And you can bet that there are a million more stories just like that one!
what a surprise (Score:1)
Re:what a surprise (Score:2)
The Dubya regime and the neo-con allies in Congress are hard at work making private contractor airport security a reality again. They decided (1) that they don't want 60,000 new Federal workers joining Federal unions, (2) that they can't do any better hiring se
Set an example? (Score:1)
"Should this agency strive to be a good example for the rest of the country and protect against extreme hackers?"
No. It's not their job. If the institution has to exist, it should outsource the IT stuff.
When they founded the US government, they weren't trying to make a good example about computer security. They were trying to protect human rights. Let's stick to that. Everything else should be up to free enterprise.
Re:Set an example? (Score:1)
my opinion (Score:1, Troll)
Bam - that pops, it sizzles, as we say in the consulting b
Re:my opinion (Score:1)
You're an idiot if you let your thousands of underlings each take home their own personal copy of the classified data that they work on.
B
Re:my opinion (Score:2)
Actually, with the right encryption, it could work fairly well. Unrecoverable media failure (leaving the CD on a car dashboard) is mitigated by the huge redundancy.
Of course, there's only so much a CD or even a DVD can hold, so only the smallest businesses could do this.
Re: (Score:2)
Two Words: Plausible Deniability (Score:2)
Ideally they would be able to do a trade with those shifty HUD bastards whereby they trade funding for storage of embarrassing documents ;-)
This reminds me of a story... (Score:4, Funny)
Mgr: So how's it going? Blah blah blah...
Me: It's fine. Blah blah blah...
Mgr: So..um..did you ever "borrow" a copy of the source code to the Disaster Recovery solution that you single-handedly wrote? You know, for "posterity" reasons?
Me: Of course I didn't. That wouldn't be ethical for sure and probably would be illegal. Why do you ask?
Mgr: Well, it seems that the hard drive that your machine used crashed and we don't have a backup.
WTF? Backups and DR equate to 'security?' (Score:4, Insightful)
From the summary (no, I'm not going to RTFA when the subject and summary are so far out of whack):
"Adequate backups were lacking for networks that ... in most cases failed to prepare sufficiently written disaster recovery plans that would ..."
So, if I have valid backups of all the patient data here, I guess those HIPAA security requirements are met, eh? Or do I have to have valid backups and a DR plan to achieve 'computer security' nirvana?
Now, if the issue were that their backup tapes were going offsite, unsecured and unencrypted, then the subject might make sense. But, this is silliness. Almost as silly as the DHS itself (hint: The Department of Homeland Security isn't supposed to keep the people safe from terrorists, it's supposed to keep the government safe...think about that one), but...whatever. (sigh)
Re:WTF? Backups and DR equate to 'security?' (Score:3, Informative)
What's this have to do with HIPAA?
Re:WTF? Backups and DR equate to 'security?' (Score:2)
DHS: (Score:1)
DHS backup plan (Score:2)
Internet Security threats and OS Guerilla warfare (Score:1)
Summarization of Events (Score:2)
Since 9/11, the government of USA has been granted extra money, extra legal rights, extra measures and lives to defend against the 'terrorist threat'. I find it extremely ironic, let me tell you why.
First, what did the government do in the last years to improve security? A lot of in-depth reports and analysis say that the results can be barely registered as an improvement, meanwhile being a major annoyance to t
Re:Summarization of Events (Score:2, Insightful)
No matter what the government (any government) does, it will not be to protect you, it will be to protect the government. Why do they ban firearms, yet the government has firearms.... is the government somehow more responsible than the individual? No.
As a matter of fact the governments of the world have laws that make them exempt from being responsible for anyth
Typical (Score:2)
3. I promise not to come in your mouth
2. The check is in the mail
1. We're from the Government & we're here to help you
computer security? (Score:1)
Backup != Security (Score:1, Interesting)
No kidding. Backups in one hand, security in the other. I'm sure
They need an audit (Score:1)
In Other News (Score:2)
"Government reported incompetent at everything, including invading other nations."
Film at 11.
Written Recovery Plan (Score:2)
So they don't have a written disaster recovery plan -- how terrible. I'm a DBA, and I have six or seven disaster recovery plans, all neatly typed, with lots of polysyllabic
Re:And this is... (Score:3, Insightful)
If general public especially computer nerds say "eh whats new" then no one else is going to bother, coz the general public doesn't even realize they have to bother.
I know I am going in to a ramble mode
Re:Why does the word "homeland" (Score:2)