Computer Security Lacking at Homeland Security
peter303 writes "The New York Times (reg. required) reports that computer backup procedures are woefully inadequate at 19 centers of the Department of Homeland Security. Should this agency strive to be a good example for the rest of the country and protect against extreme hackers?" From the article: "Adequate backups were lacking for networks that screen airline passengers, that inspect goods moving across borders and that communicate with department employees and outside officials.
Those same agencies, the auditors found, have in most cases failed to prepare sufficiently written disaster recovery plans that would guide operations if a main office or computer system was knocked out."
HA! (Score:2, Funny)
Re:HA! (Score:3, Funny)
Re:HA! (Score:2)
Re:HA! (Score:4, Funny)
Re:HA! (Score:3, Funny)
The ministry of truth.
The department of homeland security.
DoD? (Score:1)
Re:HA! (Score:2)
"The ministry of truth.
The department of homeland security."
I still get the impression that the name implies a salute using a stiff palm raised high. Maybe with a little Vaugner playing in the background.
What moron thought that was a good name?
Re:HA! (Score:2)
Re:HA! (Score:2)
Yes, that was the joke. I know I'll sleep better tonight knowing that you got it.
LK
And for those of us who don't want to register.... (Score:2, Informative)
Re:And for those of us who don't want to register. (Score:2)
Re:And for those of us who don't want to register. (Score:2)
078-05-1120
Re:And for those of us who don't want to register. (Score:2)
The Social Security Administration is reviewing our records and it appears you information for SS# 078-05-1120 is out of date.
Please reply to update with your correct date of birth and home address.
Sinceerly
Social Secureity Dept.
Re:And for those of us who don't want to register. (Score:1)
. . . or some punk hijacked the password!
I'm torn... (Score:4, Insightful)
It is wrong that they don't have backups. However a lot of this data is stuff that I want to be on a server that crashes hard, without backups. Preferably in such a way that even disaster recovery places can't get the data back.
Re:I'm torn... (Score:2)
If another 9/11 happens do you want them to be able to look at their records? What if they are fsck'n the system on our dime?
Just store them on a backup machine nicknamed "Deep Throat".
Re:I'm torn... (Score:2)
Re:I'm torn... (Score:1, Flamebait)
Um... because you'd rather that security is handled by systems that can mine for threats in real time, all the time, so they don't have to worry about it? Or, because you're really not worried about the foreign national who's overstayed his visa, but who took pilot lessons, just spent a couple of months touring the scenic mountains of northern Pakistan, doesn't file taxes but spends a lot on wholesale chemicals and used dental xray equipment, and wires a lot of money to Hamas? Definitely we don't want that info available, even in profile/status form, when he's booking a seat on a flight back into Dulles, or trying to get a license to drive 18-wheeler tankers for his new job at the fuel delivery company or signing up at the railyard where they load chlorine by the megaliter.
Re:I'm torn... (Score:2)
Re:I'm torn... (Score:2)
As much as they're functioning as an evil entity
If they are going to gather information which will be used to imprison people, strip them of their rights, or all of the other things they are doing, it behooves them to have accurate records.
Otherwise, what happens when they 'lose' the data that got you held under a special ticket that says nobody gets to know where you are, but keep the data that indicates you're still evil.
Is the internal check going to say "anyone whose incriminating data has been lost is freed"??? No, they're going to say the reasons are still friggin' classified and that this person really does need to be secluded without a lawyer for even longer.
They've been given powers which seem well outside the usual rule of law. If they're incapable of going to extra-ordinary lengths to preserve data integrity, then as an organization, they don't deserve such far reaching powers.
Who needs good security on homeland computers? (Score:3, Funny)
Dry humor (Score:2)
Re:Who needs good security on homeland computers? (Score:4, Insightful)
Basically the only people who want to hack homeland security computers would be terrorists.
...and UFO researchers [slashdot.org]. Don't forget UFO researchers.
;-)
Seriously, though, I'd tend to blame "hacking" like this on the intelligence and security services of foreign powers (and their domestic servants, etc) before I blamed terrorists. Terrorists tend to prefer, well, terror, preferably against a multitude of frightened civilians.
Re:Who needs good security on homeland computers? (Score:2)
You mean like these [wikipedia.org] people?
Re:Who needs good security on homeland computers? (Score:1)
Perhaps. But we cannot just point the finger immediately as soon as a computer does get cracked. And the fact that crackers can use anonymous proxies and the like to carry out their attacks doesn't necessarily mean that they'll get caught right off the bat. And we all need good security in any case, really. No one wants a systemwide failure period. That motivation at least should be enough to upgrade Homeland Security Computer Security.
Re:Who needs good security on homeland computers? (Score:1)
Unfortunately, I think that quite a few people who aren't "terrorists" per se would be more than happy to try to hack into homeland security computers. Why? I'd imagine it's quite an accomplishment to claim, from certain points of view. Plus, there are certain people who are anti-government but not exactly anti-American-people enough to go around bombing places or whatever; this would seem a "harmless" target that would hurt the infrastructure but not kill anyone.
That's misleading logic, though, since having to track/do damage control after someone wreaked havoc here would take energy and resources away from Homeland Security's real mission, and in doing so possibly endanger the country. Even if I'm rather skeptical of the agency's structure and initiatives (which I am), I still think it could be detrimental to gum its gears like that.
Re:Who needs good security on homeland computers? (Score:2)
So is it fair to say that someone who has a problem with the US Dept of Homeland Security is a terrorist sympathizer? Or even has terrorist tendencies?
It's all an Illusion (Score:5, Insightful)
Same here...they pretend to try to catch terrorists when in reality the next power failure could knock the whole list out.
Re:It's all an Illusion (Score:2)
Re:It's all an Illusion (Score:2)
Re:It's all an Illusion (Score:2)
It's not about security, only the perception of it (Score:5, Insightful)
Yep. That's because no one is looking at the systems and processes with the intent of actually improving them.
Instead, we have knee-jerk reactions from people who do NOT understand security who attempt to compensate for previous attacks with new rules/regs.
And the "pretend" is the problem. That's exactly what they're doing. And they're hoping that the public will accept that as them actually doing something about the problem.
It's all about the public perception of the issue.
The same as it is in all aspects of politics.
As long as there isn't a power outage, they're doing a "good" job, as far as the public is concerned.
If there is a power outage, then it comes down to whom they can blame.
It's a lot easier and far more cost effective for the politicians to be re-active rather than pro-active.
Which is why security is NOT something that ANYONE should allow a politician to be involved in.
Re:It's not about security, only the perception of (Score:1)
I think this is my favorite part. SOP is to appoint a panel and narrowly define their charge. Extra points if the committee doesn't have subpoena power.
After a year or so, the panel finds that no single person is to blame, and that the "culture" needs to change. They write a report. Maybe people read it. The report goes on a shelf. Nobody loses their job. Eventually, things will hit the fan again and a new panel can be appointed. Witness the Challenger and Columbia reports.
The 9/11 panel is one of the few to have any kind of follow through, and they are doing it on their own.
Re:It's not about security, only the perception of (Score:5, Insightful)
Security? The same argument may be applied to politicians running the economy and creating legislation and regulations, too.
Perhaps we ought to look into education so our peasants aren't so damn gullible to the wiles of politicians.
Re:It's not about security, only the perception of (Score:2)
Re:It's all an Illusion (Score:3, Interesting)
Seriously - that was the biggest disappointment about the shoe-bomber case. If he'd only smuggled the bomb up his ass, the simple act of getting in line at the airport would be a lot more fun.
Imagine hearing stuff like "Excuse me, ma'am, I think you're kinda cute, and since I'm kinda average, and since the guy in front of me is obviously better-looking than me, and since the guy standing behind you is obviously gay, I think that three out of the four of us would be happier if you and I switched places. How 'bout it?"
Everybody wins!
It's not just America (Score:2, Interesting)
Governments are hopeless at dealing with security. They are slow, lack innovative thinking and care more for their own careers than for their constituents. What matters most is whether or not you can protect yourself, your assets and your family when (if) the time comes. Then you can rid your mind of all the political and media led one-upmanship that comes along with security and the war on terrorism and get more important things done in life.
Re:It's all an Illusion (Score:2)
Considering that IMO probably 98% of all the people in the world should never be seen naked I'd vote for gouging my eyes out, I think.
On a happier note, it's also my opinion that the remaining 2% of the population should be prohibited from wearing clothing at any time.
Re:It's all an Illusion (Score:3, Interesting)
The main problem will be to get the guy so drugged he won't care about the stitches/pain yet will still be able to physically board the plane.
It'd be even better to use a post-partum woman. She'd already have a lot of room and wouldn't really require surgery to implant the explosives. It'd be hard to get a woman recruited into their little cult, but if they kidnap a baby and promise to release the child if the woman goes with their plan, I'm sure they'd get a few willing moms.
Just remember: The next thing will be something we don't expect. Kinda like the Inquisition.
Re:It's all an Illusion (Score:1)
Re:It's all an Illusion (Score:3, Insightful)
Re:It's all an Illusion (Score:2, Insightful)
Re:It's all an Illusion (Score:2)
There is nothing about these security checks that is going to stop a real threat. It is a chance to spend money (power) and hire people (influence) to keep up employment (but not a public works program because it's security and military--wink, wink). Making people wait in line is just training for our glorious future. Does it matter what you call your government if it just plane sucks?
I see absolutely NO concern about terrorism from this government. I just see window dressing. Terrorism should be treated as a crime--not by attacking the innocent and creating a greater threat. We have to change conditions that we have created (not all of this is our fault, but a good bit is under our control --like propping up the Saudis).
Do you think people who worry about being shot care if they are in a totalitarian or a communist country? But somehow we have spent $Billions to ensure that Iraqis can call the new tyranny a Democracy rather than a Tyranny. "Yeah. Can somebody turn on the candle?"
Nothing addressed the fact that Dick Cheney and Bush sat on their ass for 2.5 hours waiting for a plane to hit, without telling the jets to take them out. Compared with an average of 15 minute intercepts for 99 planes before 9/11 which went off their transponders.
The next horrible thing that happens-- I can guarantee that there will be an investigation. I just want a refund. Get rid of all this useless window dressing and give me my kids' money back. Nothing has been done to secure cargo holds, chemical plants or other targets. Only to secure the government from the people. Tracking what I buy or what I read doesn't stop terrorism. But it does stop people from being empowered to make change -- or improve targeted campaigning.
Whatever. Those who get it already understand. And those idiots that voted for Bush -- well, by the time they get out of denial, it will be too late to care what is in their heads. Doesn't really matter if they vote against Bush next time or not, unless there is a 75% majority, anything less will be swept under the carpet.
And this matters how??? (Score:3, Interesting)
It's easy to pick holes in the lack of backup of a system, but it's pointless when the system has no utility to begin with.
Moderators, please mod parent up. (Score:2)
Re:And this matters how??? (Score:2)
Striking coincidence...
omg!!11! (Score:1)
Say it ain't so!
Careful What You Wish For (Score:2)
Re:Careful What You Wish For (Score:2)
But wait! After Pearl Harbor Roosevelt didn't say 'Let's go shopping!'. Which is precisely what Bush Cheney said after 9/11 so maybe you are right....
Re:Careful What You Wish For (Score:2)
It's probably going to take a Pearl Harbor style disaster for them to do something...
They are doing something. They're taking a pile of your tax dollars and using it to collect information on you while simultaneously giving huge amounts of money to all sorts of ex-cons and ex-govt officials in a variety of security industries. Or did you mean you wish they would do something about improving their computer security or inconveniencing terrorists. Fat chance of that.
They did wake up! (Score:2)
They only have to post his information on their servers and the hackers will stay away.
Re:Careful What You Wish For (Score:2)
The increasing diplomatic confrontations and economic sanctions against Japan by the United States and others, compounded by Japan's undeclared war in China and the weakening of European control in Asian colonies, precipitated the war in the Pacific.
You can find this information here: http://www.mindef.gov.sg.nyud.net:8090/safti/poin
We have, like other countries. But you don't see those places being attacked with their own airplanes now do you?
Re:Careful What You Wish For (Score:2)
Not that the preceding events aren't important in understanding the turning point itself. Which is why your mistake about American pressure on the Qaeda is important. The Qaeda is not a government like the Japanese enemy was, but bin Ladin and his network are the self-proclaimed army fighting the fight of their community, as they see it. Regardless of the legitimacy of their claim, or the obviously unacceptable methods in their fight, they are in fact responding to pressure from the US on that community. Decades of American pressure, like supporting the Saudi mob family that oppresses their people, stationing troops in their countries to keep cheap oil flowing to America, all the American military, political and economic complicity in perpetuating the artificial system of Arab/muslim countries, all take their toll. There are, of course, other partners in that oppression: the UK, France, Russia, all the other industrial powers which benefit from the oppression. But America is the most visible partner, especially because America seems more vulnerable to returned pressure, precisely because we say we represent democracy and freedom - all of which we oppose in their countries. Of course the Saudis, Iranians, Syrians, Egyptians, etc who oppress their own people are primarily responsible, but they're much harder to change, and certain to respond to direct pressure with deadly recriminations. Moreover, they're directly in control of their local propaganda. That immediate power, combined with the difficulty of harnessing Arab xenophobia in service of "fighting back" against other Arabs, focuses the response on America, rather than fellow Arabs. Of course the same mechanics drag in oversimplified versions of problems like Palestinian oppression (largely by Palestinians like Arafat partnering in perpetual war with Israelis), which again justifies attacking America as the weak link in that oppression.
There is no denying that billions of Arabs have been oppressed for many generations. And that Americans, and our European predecessors, have either led the oppression, or (more lately) supported proxies, for our economic, military and political benefit. Bin Ladin, his Qaeda network, and other terrorists are insane liars, capitalizing on that oppression to launch a coup, taking the reins as the new oppressors. But we have to recognize that our complicity in their problems is both direct, and part of the root of the return pressure. What has changed on the Arab side of the oppression is the emergence of financed, organized leaders - and increased American vulnerability from terrible foreign policy and defence strategies which ignore the actual threats, or exploit them for more power, just like their terrorist counterparts. New changes are required to make the current unacceptable situation different. If we don't accept the truth about the current situation, and some of its causes we've long denied, we can't create a new situation that we can accept.
If you don't know how to do it... (Score:3, Insightful)
DHS has computer problems, sure, but the agency as a whole is a misguided waste of resources. It's probably better that its computer systems don't work, otherwise they'd figure out a way to stop Ted Kennedy from driving or using an elevator in addition to not flying.
Re:If you don't know how to do it... (Score:2)
Add that the only agencies that could ever hope to get funding to do a computer system properly are not under DHS. The CIA, NSA, somewhere deep in the DoD, etc., they probably get the resources they need, but DHS is a cost for Congress to budget without immediate intelligence or defense benefits like spy satellites or cruise missiles.
Probably the biggest challenge for DHS is not computers, either, as it is probably raw man power. Thousands of miles of borders, compounded by interdependent economies, isn't an easy thing to deal with, for example.
Re:If you don't know how to do it... (Score:1)
Mary Jo Kopechne might not think that that's such a bad idea.
This could really suck... (Score:5, Insightful)
"I'm sorry, Sir, you can't board. Our screening system is down."
"I've got a ticket. I've shown you my papers. You (and every RFID hacker within 50 feet of my entire path through this airport) have scrutinized my RFID passport. I've given my decilitre of blood for biometric screening. The plane is about to close door and push off. I'm returning home after 18 months dodging RPGs and Kalashnikov fire in Baghdad, and I'm still in uniform. And you're telling me I can't board because you can't be sure I'm actually not bin Laden in extremely clever disguise?"
"No, Sir, I'm telling you that you can't board. Our screening system is down."
"This is unacceptable. Who is your supervisor?"
"That is classified. Please wait here." [whispers into radio: "Got another Gitmo client for ya."]
Could? (was Re:This could really suck...) (Score:1)
This really tweaks me... (Score:2)
The above scenario really pisses me off, and it is a scenario that I see has a real probability of happening, all the more so because of the moronic alarmist intimidating position that the powers that be have taken about this whole national security thing. (Something similar, though not necessarily technology related happened during the "war" in Afghanistan when a wounded army Lt. was told he could not bring the wire clippers, that he could use to cut the wire holding his wounded jaw shut in case he started to choke, on the plane).
As a reservist, the scenario gets me going even more because I could see it happening to a fellow reservist. Not only do you have a brave young man or woman who has, regardless of whether you think it right or wrong, been dodging bullets and rockets in Humvees with barely improvised armour, but who has also made the sacrifice as a reservist, by being away from their family and their chosen life in the line of duty. To me, if one of my shipmates who'd been on a year's deployment over there had this happen to them, it would be the ultimate smack in the face. "Thanks for serving, here's what we think of you!"
I think by and large that most people, regardless of how they feel about the greater agenda, wouldn't hesitate to give a helping hand to that single instance of a citizen soldier. Except, of course, for those big wigs who make policy, and to whom every man woman and child is guilty until proven innocent in the name of "homeland security".
*rant mode: disable*
Re:This really tweaks me... (Score:3, Insightful)
I'm not talking about special treatment nor do I think hassling members of the military is necessary. I suppose it comes down to the fact that I don't think anybody should be treated like that.
The real problem I have is that "homeland security" has decided that the idea of probable cause is unfashionable in this "terrorist" riddled day and age. I will grant the procedure of searching my luggage and my person for prohibited items at a security checkpoint. If I am not carrying any prohibited items, not doing anything illegal at the time, and if I am not acting in a clearly suspicious fashion, then airport security should have no probable cause to detain me.
The military of all groups is security conscious. Servicemembers traveling on orders these days have multiple ways to authenticate who they are and account for their actions (we are required to carry official copies of our orders when we travel). If the military trusts these documents enough for their own security purposes, then airport security should, too. Otherwise, the whole trust metric breaks down.
Basically, if I show up at the security checkpoint with my military ID and orders, once I have been physically checked, why should they have any further need to detain or check me? Members of the military might not warrant special treatment but like it or not we are held to a different standard. If "homeland security" ignores that standard, then they're saying that it is as much as worthless, which is yet another slap in the face.
But George said it was OK! (Score:2, Insightful)
What do backups have to do with security? (Score:3, Interesting)
Re:What do backups have to do with security? (Score:2, Informative)
Re:What do backups have to do with security? (Score:2)
Exactly.
While backup processes are related to data retention policy, and such policies are related to security, it's a gross oversimplification to assert that "NO BACKUPS = NO SECURITY" as Submitter has done.
Re:What do backups have to do with security? (Score:2)
(scratches head)
1. If you don't know what you had you don't know if what you have has been screwed with.
2. If you do get screwed with, it's critical to be able to restore from a known good system. Otherwise, game over; you have to rebuild from scratch and guess about what has/has not been compromised.
Anyone Surprised? (Score:1)
Re:Anyone Surprised? (Score:2)
Some do really well. My state's website is awesome. I found out how to start a sole proprietorship and do sales tax within a few clicks of the mouse. It also helps my state has awesome laws for sole proprietorships and sales tax (no business license and a single page return for state and county tax!).
Sometimes, how a state government presents itself shows the overall health of that state. My state has a very level-headed approach, it seems, and tries hard to be reasonable to businesses. Some other states put on the red tape so thick, it is just pathetic...oh, and their websites suck, too.
"Extreme Hackers"? (Score:4, Funny)
People who crack Windows boxen while bungee jumping? Releasing IIS worms from a wi-fi enabled handheld in a canoe half-way down some whitewater rapids?
Or, y'know, just yet another pathetic attempt to make something fundamentally known and understood sound suddenly somehow exciting and dangerous?
Oh, and for reference? The "Extreme Hacker" your link's about was a 37 year-old script kiddie who Haxx0red US government machines direct from his own home connection.
You couldn't get stupider (and less '1ee7) if you tried...
Re:"Extreme Hackers"? (Score:2)
Re:"Extreme Hackers"? (Score:2)
I thought the whole point of leetspeak was that you proved how much of a rebel you were by intentionally disregarding restrictive and arbitrary rules... like spelling, grammar and basic comprehensibility...
Look (Score:3, Insightful)
Is anyone really surprised that the Bush administration has done nothing significant right in the War on Terror?
The agencies still can't communicate, they're security holes in themselves, our resources are diverted to a fanatical war in Iraq that has nothing to do with terror in America, and we find that the greatest threat to the safety of Americans today is the lies the President told or ordered to be told in order to get 1500 kids killed in a place he admits we had no pressing reason to attack.
This isn't a troll. It's a list of the facts. Anyone disagreeing can disagree, but will be fighting the truth. Consider that before posting political dogma.
Re:Look (Score:3, Insightful)
You don't have a clue about the facts. The Agencies DO co-operate (as indicated in the way some of the terrorist wannabes and funding sources have been rooted out here in the States), but they don't co-operate as well as they could. Do you really expect to change 25 yrs of Civil Servant attitudes in less than 4 yrs?
The War in Iraq has a LOT to do with terrorism. Saddam and his Baath party provided sanctuary, training camps and funding for Al-Qaeda. To deny that is to deny FACTS, hard evidence and the statements of terrorists themselves. He would have provided WMDs when he got his programs back together when the UN got tired of looking and went back home.
As long as Gov't agencies use Windoze there will be holes. As long as they employ humans mistakes will be made in either policy or implementation that cause holes. The issue is are they FINDING and closing the holes which I would say they are.
Typical liberal distortion of the facts, thinking no one remembers what the truth is within a few days.
Re:Look (Score:2)
Maybe you should read the 9/11 Commission's report.
Shortpoint: Iraq had no ties to Al-Qaeda, Bin Laden considered Saddam a foe rather than a friend.
The key phrase there is had no ties. Al-Qaeda seems pretty well integrated into Iraq now. Go us, I feel safer already. While Iraq is serving as a kind of lightning rod for terrorist activities, how long can it last?
Re:Look (Score:1)
Filthy liar! Here's just one thing [lessig.org] that the Department of Homeland Security has done to protect the homeland from terrorist threats. And you can bet that there are a million more stories just like that one!
what a surprise (Score:1)
Re:what a surprise (Score:2)
The Dubya regime and the neo-con allies in Congress are hard at work making private contractor airport security a reality again. They decided (1) that they don't want 60,000 new Federal workers joining Federal unions, (2) that they can't do any better hiring security workers (for what they are willing to pay them) than private contractors can, and (3) they are really only interested in the appearance of better airport security.
The people who service the planes on the tarmac, including the baggage handlers, do not pass through the same security screening that the airline passengers do. The bulk of air cargo never passes through any sort of screening process, just like our seaport cargo doesn't get screened.
A local TV news organization (Metro DC) went out to Dulles International Airport on the heels of a group of FAA security investigators in April or May of 2001. DIA's private airport security had previously failed FAA security inspections. Someone (within FAA?) tipped off Dulles Airport regarding the "surprise" inspection, and airport security officers refused (on TV) to allow FAA inspectors onto airport property. A short few months later, and a commercial aircraft was hijacked from Dulles airport and flown into the Pentagon. That is the value of private airport security.
The biggest problem with the DHS under the Dubya regime is that the expansion of the Federal workforce is less desirable than the benefit of reducing terror threats. Similar problems can be seen with US Border Patrol, US Customs (seaports), and the TSA -- spending big bucks on flashy high technology equipment (that often doesn't work) is preferable to spending big bucks long term on more Federal employees. I have yet to see a buried seismic sensor or a UAV actually apprehend an unknown terrorist crossing our borders or slipping out of a cargo container -- that takes "boots on the ground".
And that is why I believe the DHS is an oxymoron. Having the DHS spend $6 Billion (plus) USD on a multiyear software contract with Microsoft for their server and desktop OSes merely confirms that conviction. And their inability to facilitate an IT strategy of redundancy and viable backups underlines the problem.
These are not so much problems that can be better addressed by the private sector as they are problems with the corrupt regime currently in power.
Set an example? (Score:1)
"Should this agency strive to be a good example for the rest of the country and protect against extreme hackers?"
No. It's not their job. If the institution has to exist, it should outsource the IT stuff.
When they founded the US government, they weren't trying to make a good example about computer security. They were trying to protect human rights. Let's stick to that. Everything else should be up to free enterprise.
Re:Set an example? (Score:1)
my opinion (Score:1, Troll)
Bam - that pops, it sizzles, as we say in the consulting biz. Simple yet EXTREMELY effective.
Now, if you want any more advice, it's gonna cost ya - ($450/hr)
Re:my opinion (Score:1)
You're an idiot if you let your thousands of underlings each take home their own personal copy of the classified data that they work on.
B
Re:my opinion (Score:2)
Actually, with the right encryption, it could work fairly well. Unrecoverable media failure (leaving the CD on a car dashboard) is mitigated by the huge redundancy.
Of course, there's only so much a CD or even a DVD can hold, so only the smallest businesses could do this.
Comment removed (Score:2)
Two Words: Plausible Deniability (Score:2)
Ideally they would be able to do a trade with those shifty HUD bastards whereby they trade funding for storage of embarrassing documents ;-)
This reminds me of a story... (Score:4, Funny)
Mgr: So how's it going? Blah blah blah...
Me: It's fine. Blah blah blah...
Mgr: So..um..did you ever "borrow" a copy of the source code to the Disaster Recovery solution that you single-handedly wrote? You know, for "posterity" reasons?
Me: Of course I didn't. That wouldn't be ethical for sure and probably would be illegal. Why do you ask?
Mgr: Well, it seems that the hard drive that your machine used crashed and we don't have a backup.
WTF? Backups and DR equate to 'security?' (Score:4, Insightful)
From the summary (no, I'm not going to RTFA when the subject and summary are so far out of whack):
"Adequate backups were lacking for networks that ... in most cases failed to prepare sufficiently written disaster recovery plans that would ..."
So, if I have valid backups of all the patient data here, I guess those HIPAA security requirements are met, eh? Or do I have to have valid backups and a DR plan to achieve 'computer security' nirvana?
Now, if the issue were that their backup tapes were going offsite, unsecured and unencrypted, then the subject might make sense. But, this is silliness. Almost as silly as the DHS itself (hint: The Department of Homeland Security isn't supposed to keep the people safe from terrorists, it's supposed to keep the government safe...think about that one), but...whatever. (sigh)
Re:WTF? Backups and DR equate to 'security?' (Score:3, Informative)
What's this have to do with HIPAA?
Re:WTF? Backups and DR equate to 'security?' (Score:2)
DHS: (Score:1)
DHS backup plan (Score:2)
Internet Security threats and OS Guerilla warfare (Score:1)
Summarization of Events (Score:2)
Since 9/11, the government of USA has been granted extra money, extra legal rights, extra measures and lives to defend against the 'terrorist threat'. I find it extremely ironic, let me tell you why.
First, what did the government do in the last years to improve security? A lot of in-depth reports and analysis say that the results can be barely registered as an improvement, meanwhile being a major annoyance to the ordinary person. The terrorist threat will not be stopped by technology. Humans drive technological advancement and can defeat technology just the same way (if you consider humans to be an advanced piece of engineering, it can be seen clearly). The only way is to convince people, so basically through political and demographical measures, in which areas the USA managed to alienate a sizable chunk of the world after 9/11.
So what did you manage to do in 4 years? The threat level increased in your country by your own actions, working technological measures could have been taken to decrease that risk, but instead the government ended up scaring people to give them more rights and tools. My post is not only related to this particular article, since I try to paint the bigger picture. Placing this particular article in the context of the proposed extension of the Patriot act, the increase in government bureaucracy, the laws which you cannot know about but are subject to, the discrimination of Muslim people (at customs, and generally in the US administration), the questionable state of DMCA and associated measures, etc. indicates that people need to question the government's actions. To sum it up what I find extremely ironic is that the government promised security and an indefinite fight against a concept (terrorism) and in the process you ended up with less security and less rights.
Re:Summarization of Events (Score:2, Insightful)
No matter what the government (any government) does, it will not be to protect you, it will be to protect the government. Why do they ban firearms, yet the government has firearms.... is the government somehow more responsible than the individual? No.
As a matter of fact the governments of the world have laws that make them exempt from being responsible for anything.
From a global perspective, law abiding and responsible humans are screwed. As Geryon would say "I think the end of the world must be getting near. Hell is getting full."
Typical (Score:2)
3. I promise not to come in your mouth
2. The check is in the mail
1. We're from the Government & we're here to help you
computer security? (Score:1)
Backup != Security (Score:1, Interesting)
No kidding. Backups in one hand, security in the other. I'm sure
Sounds like an excuse to bring up other arguments, which it seems most on here have chosen to do.
"As a rather well-known cyber-security consultant (you'd know my $450/hr name, I guarantee it) at Foundstone, I can tell you what the problem is - the lack of a comprehensive, rehearsed disaster recovery plan. It really isn't that hard, to implement it correctly, I always recommend this (clients are always amazed by its brilliance and simplicity) - every night, copy all of your company's critical data to a CD, and have EACH EMPLOYEE TAKE HOME A COPY."
You've got to be kidding. This wouldn't even work for a business. So you are going to give EVERY employee access to everything in the business, trade secrets and all? And how are you going to ensure that the disc doesn't leave the employee's possession, and that old discs get destroyed? Plus, even the relatively small business that I work for has 20gig or more of things that should be backed up. How are you going to send that home? DVDs? Or an external backup drive for each employee?
And the key point that everyone seems to be missing is that the point of all this extra spending is to make Americans, on average, FEEL safer. Doesn't really have to be safer. It's all part of the media/government spin on the truth. The war has a lot to do with terrorism because without terrorism there wouldn't be a lot of support for what the gov wants to get done. It's all politics. Look, if 9/11 never happened, do you think anybody would really support the actions we are taking across seas? It was a perfect time for the gov to expand their control and finish the job on Iraq. Whether the gov did this "primetime for action" tactic on purpose or they truthfully believed in what they were reporting to the public is up for debate. I'm disappointed and scared to see so many of my fellow citizens willfully give up many rights for "safety" from perceived threats. Reminds me of the mob and extortion money: "We'll provide you safety for this price".
Without politics, there would be a lot less crime. Why, you ask? Because there are a lot of measures that could be taken to drastically reduce crime that are politically incorrect or unpopular. Same goes for economic policy. There are times when a temporary tax hike would benefit the country immensely, yet no politician would want to back that platform.
It will be interesting to see what happens in the next few years. A lot of universities have adopted programs for computer security due to the increase in demand for KNOWLEDGEABLE staff. Seems to me a lot of these guys were raised on networking and know little about security and forensics, at least compared to what they would be expected to know.
They need an audit (Score:1)
In Other News (Score:2)
"Government reported incompetent at everything, including invading other nations."
Film at 11.
Written Recovery Plan (Score:2)
So they don't have a written disaster recovery plan -- how terrible. I'm a DBA, and I have six or seven disaster recovery plans, all neatly typed, with lots of polysyllabic verbiage, designed to impress auditors. They have official stamps and signatures of various company officials, and are kept in various safes etc. Unfortunately, the short version of all this wasted paper and time is "If the server crashes, we'll restore it from backup. If local backups are not available, we'll use off-site backups."
So, having jumped through hoops, and burned a considerable number of company hours complying with ever-dumber requirements, can anybody tell me how this would actually help me recover from a real disaster? It's freaking common sense.
So, while they may not be setting a good example for us corporate drones, I have a hard time seeing this as a SECURITY FAILURE! Get a grip -- their Sysops and DBAs probably have a clue about data recovery even without an official plan.
Re:And this is... (Score:3, Insightful)
If the general public, especially computer nerds, say "eh, what's new" then no one else is going to bother, coz the general public doesn't even realize they have to bother.
I know I am going into a ramble mode but for god's sake their only job is security and they fuck it up royally and blame terrorists.
Re:Why does the word "homeland" (Score:2)