Computer Security Lacking at Homeland Security 158
peter303 writes "The New York Times (reg. required) reports that computer backup procedures are woefully inadequate at 19 centers of the Department of Homeland Security. Should this agency strive to be good example for the rest of the country and protect against extreme hackers? " From the article: "Adequate backups were lacking for networks that screen airline passengers, that inspect goods moving across borders and that communicate with department employees and outside officials.
Those same agencies, the auditors found, have in most cases failed to prepare sufficiently written disaster recovery plans that would guide operations if a main office or computer system was knocked out."
I'm torn... (Score:4, Insightful)
It is wrong that they don't have backups. However a lot of this data is stuff that I want to be on a server that crashes hard, without backups. Preferably in such a way that even disaster recovery places can't get the data back.
It's all an Illusion (Score:5, Insightful)
Same here...they pretend to try to catch terorists when in reality the next power failiure could knock the whole list out.
If you don't know how to do it... (Score:3, Insightful)
DHS has computer problems, sure, but the agency as a whole is a misguided waste of resources. It's probably better that it's computer systems don't work, otherwise they'd figure out a way to stop Ted Kennedy from driving or using an elevator in addition to not flying.
This could really suck... (Score:5, Insightful)
"I'm sorry, Sir, you can't board. Our screening system is down."
"I've got a ticket. I've shown you my papers. You (and every RFID hacker within 50 feet of my entire path through this airport) have scrutinized my RFID passport. I've given my decilitre of blood for biometric screening. The plane is about to close door and push off. I'm returning home after 18 months dodging RPGs and Kalashnikov fire in Bagdhad, and I'm still in uniform. And you're telling me I can't board because you can't be sure I'm actually not bin Laden in extremely clever disguise?"
"No, Sir, I'm telling you that you can't board. Our screening system is down."
"This is unacceptable. Who is your supervisor?"
"That is classified. Please wait here. [whispers into radio: "Got another Gitmo client for ya."]
But George said it was OK! (Score:2, Insightful)
Re:Who needs good security on homeland computers? (Score:4, Insightful)
Basically the only people who want to hack homeland security computers would be terrorists.
...and UFO researchers [slashdot.org]. Don't forget UFO researchers.
;-)
Seriously, though, I'd tend to blame "hacking" like this on the intelligence and security services of foreign powers (and their domestic servants, etc) before I blamed terrorists. Terrorists tend to prefer, well, terror, preferably against a multitude of frightened civilians.
Re:And this is... (Score:3, Insightful)
If general public especially computer nerds say "eh whats new" then no one else is going to bother, coz the general public doesn't even realize they have to bother.
I know I am going in to a ramble mode but for gods sake their only job is security and they fuck it up royally and blame terrorists.
Look (Score:3, Insightful)
Is anyone really surprised that the Bush administration has done nothing significant right in the War on Terror?
The agencies still can't communicate, they're security holes in themselves, our resources are diverted to a fanatical war in Iraq that has nothing to do with terror in America, and we find that the greatest threat to the safety of Americans today is the lies the President told or ordered to be told in order to get 1500 kids killed in a place he admits we had no pressing reason to attack.
This isn't a troll. It's a list of the facts. Anyone disagreeing can disagree, but will be fighting the truth. Consider that before posting political dogma.
It's not about security, only the perception of it (Score:5, Insightful)
Yep. That's because no one is looking at the systems and processes with the intent of actually improving them.
Instead, we have knee-jerk reactions from people who do NOT understand security who attempt to compensate for previous attacks with new rules/regs.
And the "pretend" is the problem. That's exactly what they're doing. And they're hoping that the public will accept that as them actually doing something about the problem.
It's all about the public perception of the issue.
The same as it is in all aspects of politics.
As long as there isn't a power outage, they're doing a "good" job, as far as the public is concerned.
If there is a power outage, then it comes down to whom they can blame.
It's a lot easier and far more cost effective for the politicians to be re-active rather than pro-active.
Which is why security is NOT something that ANYONE should allow a politician to be involved in.
WTF? Backups and DR equate to 'security?' (Score:4, Insightful)
From the summary (no, I'm not going to RTFA when the subject and summary are so far out of whack):
Adequate backups were lacking for networks that ... in most cases failed to prepare sufficiently written disaster recovery plans that would ..."
So, if I have valid backups of all the patient data here, I guess those HIPAA security requirements are met, eh? Or do I have to have valid backups and a DR plan to achieve 'computer security' nirvana?
Now, if the issue were that their backup tapes were going offsite, unsecured and unencrypted, then the subject might make sense. But, this is silliness. Almost as silly as the DHS itself (hint: The Department of Homeland Security isn't supposed to keep the people safe from terrorists, it's supposed to keep the government safe...think about that one), but...whatever. (sigh)
Re:Look (Score:3, Insightful)
. You don't have a clue about the facts. The Agencies DO co-operate (as indicated in the way some of the terrorists wannabes and funding sources have been rooted out here in the States), but they don't co-operate as well as they could. Do you really expect to change 25 yrs of Civil Servant attitudes in less than 4 yrs?
The War in Iraq has a LOT to do with terrorism. Saddam and his Baath party provided sanctuary, training camps and funding for Al-Queda. To deny that is to deny FACTS, hard evidence and the statements of terrorists themselves. He would have provided WMDs when he got his programs back together when the UN got tired to looking and went back home.
As long as Gov't agencies use Windoze there will be holes. As long as they employ humans mistakes will be made in either policy or implementation that cause holes. The issue is are they FINDING and closing the holes which I would say they are.
Typical liberal distortion of the facts, thinking no one remembers what the truth is within a few days.
You are the one distorting the facts (Score:0, Insightful)
After 9/11, yes. Or did that NOT change everything as the president keeps reminding us?
"The War in Iraq has a LOT to do with terrorism."
It had very little to do with it, and was far down the list of hot spots that needed attention. For one thing, they might have finished the job in Afghanistan, instead of allowing most of the country to fall back under the control of war lords and Taliban.
"Saddam and his Baath party provided sanctuary, training camps and funding for Al-Queda. To deny that is to deny FACTS, hard evidence and the statements of terrorists themselves."
He funded Palestinian terrorist activities, but had no connect to al Qaeda, except perhaps as a friend of a friend of a friend sort of thing. Bin Laden considered Saddam an enemy, after all.
"He would have provided WMDs when he got his programs back together when the UN got tired to looking and went back home."
The UN showed no inclination to go home, but was chased out of the country before they could get the job done by Bush in his rush to war. Think of all the American lives who could have been saved if Bush had just allowed the inspections to find out what we now all know: No WMDs.
Re:Summarization of Events (Score:2, Insightful)
No matter what the government (any government) does, it will not be to protect you, it will be to protect the government. Why do they ban firearms, yet the government has firearms.... is the government somehow more responsible than the individual? No.
As a matter of fact the governments of the world have laws that make them exempt from being responsible for anything.
From a global perspective, law abiding and responsible humans are screwed. As Geryon would say "I think the end of the world must be getting near. Hell is getting full."
Re:It's not about security, only the perception of (Score:5, Insightful)
Security? The same argument may be applied to politicians running the economy and creating legislation and regulations, too.
Perhaps we ought to look into education so our peasants aren't so damn gullible to the wiles of politicians.
Re:This really tweaks me... (Score:3, Insightful)
I'm not talking about special treatment nor do I think hassling members of the military is necessary. I suppose it comes down to the fact that I don't think anybody should be treated like that.
The real problem I have is that "homeland security" has decided that the idea of probable cause is unfashionable in this "terrorist" riddled day and age. I will grant the proceedure searching my luggage and my person for prohibited items at a security checkpoint. If I am not carrying any prohibited items, not doing anything illegal at the time, and if I am not acting in a clearly suspicious fashion, then airport security should have no probable cause to detain me.
The military of all groups is security concious. Servicemembers traveling on orders these days have multiple ways to authenticate who they are and account for their actions (we are required to carry official copies of our orders when we travel). If the military trusts these documents enough for their own security purposes, then airport security should, too. Otherwise, the whole trust metric breaks down.
Basically, if I show up at the security checkpoint with my military ID and orders, once I have been physically checked, why should they have any further need to detain or check me? Members of the military might not warrant special treatment but like it or not we are held to a different standard. If "homeland security" ignores that standard, then they're saying that it is as much as worthless, which is yet another slap in the face.
Re:It's all an Illusion (Score:3, Insightful)
Re:It's all an Illusion (Score:2, Insightful)
Clarification (Score:1, Insightful)
Agreed. What I should have said is "Members of the military should be exactly as likely to be hassled exactly as much as any other poor schmuck." I don't think that the tyrant-in-a-teapot sort of behavior of many members of the TSA is making anyone safer, and I don't approve of it at all. I just think that if it's going to happen, it would be most safe and most fair to have it dished out uniformly.
If the military trusts these documents enough for their own security purposes, then airport security should, too.
There, I'm not sure I agree. That's expecting a lot of knowledge (training) from the airline security folks. Some of that knowledge is probably the sort of thing that someone like you has absorbed by immersion in military culture, so to you it seems like simple, obvious, common-sense stuff. It wouldn't be to outsiders like the TSA inspectors, though. Something like this could actually make new problems for members of the military, given the TSA's record so far.
And no matter how you slice it, accepting a different (military) form of documentation from one class of passengers (military) is a form of "special treatment". Not in the sense of privileged treatment, but in the sense of a special case. Special cases tend to be where mistakes happen, whether one is writing computer code, or, I'd guess, securing an airport. I think that special cases should be avoided in principle if possible.