Forgot your password?
typodupeerror
Security United States Government Politics

Computer Security Lacking at Homeland Security 158

Posted by Zonk
from the security-is-in-the-name dept.
peter303 writes "The New York Times (reg. required) reports that computer backup procedures are woefully inadequate at 19 centers of the Department of Homeland Security. Should this agency strive to be good example for the rest of the country and protect against extreme hackers? " From the article: "Adequate backups were lacking for networks that screen airline passengers, that inspect goods moving across borders and that communicate with department employees and outside officials. Those same agencies, the auditors found, have in most cases failed to prepare sufficiently written disaster recovery plans that would guide operations if a main office or computer system was knocked out."
This discussion has been archived. No new comments can be posted.

Computer Security Lacking at Homeland Security

Comments Filter:
  • I'm torn... (Score:4, Insightful)

    by bluGill (862) on Thursday June 09, 2005 @12:18PM (#12769995)

    It is wrong that they don't have backups. However a lot of this data is stuff that I want to be on a server that crashes hard, without backups. Preferably in such a way that even disaster recovery places can't get the data back.

  • by ilyanep (823855) on Thursday June 09, 2005 @12:18PM (#12769999) Journal
    Don't take this as flamebait but I have the feeling that nobody's really trying hard enough to protect us. We stand an hour longer in the security line just so that people can bring explosives through in their shoes? Now they make us take our shoes off. What if someone brings explosives through in their pants?

    Same here...they pretend to try to catch terorists when in reality the next power failiure could knock the whole list out.
  • by shoppa (464619) on Thursday June 09, 2005 @12:24PM (#12770076)
    As a follow-up to my previous comment:
    If you don't know how to do it, YOU DON'T KNOW HOW TO DO IT ON A COMPUTER

    DHS has computer problems, sure, but the agency as a whole is a misguided waste of resources. It's probably better that it's computer systems don't work, otherwise they'd figure out a way to stop Ted Kennedy from driving or using an elevator in addition to not flying.

  • by idontgno (624372) on Thursday June 09, 2005 @12:24PM (#12770081) Journal
    Adequate backups were lacking for networks that screen airline passengers...

    "I'm sorry, Sir, you can't board. Our screening system is down."

    "I've got a ticket. I've shown you my papers. You (and every RFID hacker within 50 feet of my entire path through this airport) have scrutinized my RFID passport. I've given my decilitre of blood for biometric screening. The plane is about to close door and push off. I'm returning home after 18 months dodging RPGs and Kalashnikov fire in Bagdhad, and I'm still in uniform. And you're telling me I can't board because you can't be sure I'm actually not bin Laden in extremely clever disguise?"

    "No, Sir, I'm telling you that you can't board. Our screening system is down."

    "This is unacceptable. Who is your supervisor?"

    "That is classified. Please wait here. [whispers into radio: "Got another Gitmo client for ya."]

  • by Yonkeltron (720465) on Thursday June 09, 2005 @12:25PM (#12770086) Homepage
    This is very interesting news after Bush just got done saying how great the new patriot act is. It looks to me that our own security got lost while we were busy questioning the integrity of others. Between the roving wire-taps and the judge-less warrants, I think I deserve to know that the people taking away my information can keep it safe from others who would want to take it away.
  • by I confirm I'm not a (720413) on Thursday June 09, 2005 @12:27PM (#12770105) Journal

    Basically the only people who want to hack homeland security computers would be terrorists.

    ...and UFO researchers [slashdot.org]. Don't forget UFO researchers.

    ;-)

    Seriously, though, I'd tend to blame "hacking" like this on the intelligence and security services of foreign powers (and their domestic servants, etc) before I blamed terrorists. Terrorists tend to prefer, well, terror, preferably against a multitude of frightened civilians.

  • Re:And this is... (Score:3, Insightful)

    by rovingeyes (575063) on Thursday June 09, 2005 @12:29PM (#12770146)
    Yes, and if not it should be. There is so much fuss made by the goverment about the "security" that "Homeland Security" is going to provide this country and we even had to sacrifice a lot for that elusive "security". If that department is itself going to be a network like my home then I should be surprised.

    If general public especially computer nerds say "eh whats new" then no one else is going to bother, coz the general public doesn't even realize they have to bother.

    I know I am going in to a ramble mode but for gods sake their only job is security and they fuck it up royally and blame terrorists.

  • Look (Score:3, Insightful)

    by blair1q (305137) on Thursday June 09, 2005 @12:29PM (#12770149) Journal
    Come on.

    Is anyone really surprised that the Bush administration has done nothing significant right in the War on Terror?

    The agencies still can't communicate, they're security holes in themselves, our resources are diverted to a fanatical war in Iraq that has nothing to do with terror in America, and we find that the greatest threat to the safety of Americans today is the lies the President told or ordered to be told in order to get 1500 kids killed in a place he admits we had no pressing reason to attack.

    This isn't a troll. It's a list of the facts. Anyone disagreeing can disagree, but will be fighting the truth. Consider that before posting political dogma.
  • by khasim (1285) <brandioch.conner@gmail.com> on Thursday June 09, 2005 @12:34PM (#12770215)
    Don't take this as flamebait but I have the feeling that nobody's really trying hard enough to protect us.
    Hey, I agree with you on that.
    We stand an hour longer in the security line just so that people can bring explosives through in their shoes? Now they make us take our shoes off. What if someone brings explosives through in their pants?
    Yep. That's because no one is looking at the systems and processes with the intent of actually improving them.

    Instead, we have knee-jerk reactions from people who do NOT understand security who attempt to compensate for previous attacks with new rules/regs.
    Same here...they pretend to try to catch terorists when in reality the next power failiure could knock the whole list out.

    And the "pretend" is the problem. That's exactly what they're doing. And they're hoping that the public will accept that as them actually doing something about the problem.

    It's all about the public perception of the issue.

    The same as it is in all aspects of politics.

    As long as there isn't a power outage, they're doing a "good" job, as far as the public is concerned.

    If there is a power outage, then it comes down to whom they can blame.

    It's a lot easier and far more cost effective for the politicians to be re-active rather than pro-active.

    Which is why security is NOT something that ANYONE should allow a politician to be involved in.
  • by Mille Mots (865955) on Thursday June 09, 2005 @12:36PM (#12770233)
    From the title: Computer Security Lacking at Homeland Security

    From the summary (no, I'm not going to RTFA when the subject and summary are so far out of whack):

    Adequate backups were lacking for networks that ... in most cases failed to prepare sufficiently written disaster recovery plans that would ..."

    So, if I have valid backups of all the patient data here, I guess those HIPAA security requirements are met, eh? Or do I have to have valid backups and a DR plan to achieve 'computer security' nirvana?

    Now, if the issue were that their backup tapes were going offsite, unsecured and unencrypted, then the subject might make sense. But, this is silliness. Almost as silly as the DHS itself (hint: The Department of Homeland Security isn't supposed to keep the people safe from terrorists, it's supposed to keep the government safe...think about that one), but...whatever. (sigh)

  • Re:Look (Score:3, Insightful)

    by twiddlingbits (707452) on Thursday June 09, 2005 @12:44PM (#12770325)
    It IS Flamebait and you know it!

    . You don't have a clue about the facts. The Agencies DO co-operate (as indicated in the way some of the terrorists wannabes and funding sources have been rooted out here in the States), but they don't co-operate as well as they could. Do you really expect to change 25 yrs of Civil Servant attitudes in less than 4 yrs?

    The War in Iraq has a LOT to do with terrorism. Saddam and his Baath party provided sanctuary, training camps and funding for Al-Queda. To deny that is to deny FACTS, hard evidence and the statements of terrorists themselves. He would have provided WMDs when he got his programs back together when the UN got tired to looking and went back home.

    As long as Gov't agencies use Windoze there will be holes. As long as they employ humans mistakes will be made in either policy or implementation that cause holes. The issue is are they FINDING and closing the holes which I would say they are.

    Typical liberal distortion of the facts, thinking no one remembers what the truth is within a few days.
  • by Anonymous Coward on Thursday June 09, 2005 @12:53PM (#12770462)
    "Do you really expect to change 25 yrs of Civil Servant attitudes in less than 4 yrs?"

    After 9/11, yes. Or did that NOT change everything as the president keeps reminding us?

    "The War in Iraq has a LOT to do with terrorism."

    It had very little to do with it, and was far down the list of hot spots that needed attention. For one thing, they might have finished the job in Afghanistan, instead of allowing most of the country to fall back under the control of war lords and Taliban.

    "Saddam and his Baath party provided sanctuary, training camps and funding for Al-Queda. To deny that is to deny FACTS, hard evidence and the statements of terrorists themselves."

    He funded Palestinian terrorist activities, but had no connect to al Qaeda, except perhaps as a friend of a friend of a friend sort of thing. Bin Laden considered Saddam an enemy, after all.

    "He would have provided WMDs when he got his programs back together when the UN got tired to looking and went back home."

    The UN showed no inclination to go home, but was chased out of the country before they could get the job done by Bush in his rush to war. Think of all the American lives who could have been saved if Bush had just allowed the inspections to find out what we now all know: No WMDs.

  • by Baron von Blapp (767958) on Thursday June 09, 2005 @01:24PM (#12770955) Homepage
    More Government and More Laws (not to be confused with Moore's Law) never protected or "secured" anyone. Ever. Just look at Europe for example.

    No matter what the government (any government) does, it will not be to protect you, it will be to protect the government. Why do they ban firearms, yet the government has firearms.... is the government somehow more responsible than the individual? No.

    As a matter of fact the governments of the world have laws that make them exempt from being responsible for anything.

    From a global perspective, law abiding and responsible humans are screwed. As Geryon would say "I think the end of the world must be getting near. Hell is getting full."

  • by 4of12 (97621) on Thursday June 09, 2005 @02:39PM (#12772009) Homepage Journal
    Which is why security is NOT something that ANYONE should allow a politician to be involved in.

    Security? The same argument may be applied to politicians running the economy and creating legislation and regulations, too.

    Perhaps we ought to look into education so our peasants aren't so damn gullible to the wiles of politicians.

  • by Akardam (186995) on Thursday June 09, 2005 @02:57PM (#12772240)
    However, if members of the military were given special treatment at the border, it would create a rather obvious security hole ... I don't think it's a good thing to hassle members of the military on the way home, but if we're truly interested in securing the borders, it's necessary.

    I'm not talking about special treatment nor do I think hassling members of the military is necessary. I suppose it comes down to the fact that I don't think anybody should be treated like that.

    The real problem I have is that "homeland security" has decided that the idea of probable cause is unfashionable in this "terrorist" riddled day and age. I will grant the proceedure searching my luggage and my person for prohibited items at a security checkpoint. If I am not carrying any prohibited items, not doing anything illegal at the time, and if I am not acting in a clearly suspicious fashion, then airport security should have no probable cause to detain me.

    The military of all groups is security concious. Servicemembers traveling on orders these days have multiple ways to authenticate who they are and account for their actions (we are required to carry official copies of our orders when we travel). If the military trusts these documents enough for their own security purposes, then airport security should, too. Otherwise, the whole trust metric breaks down.

    Basically, if I show up at the security checkpoint with my military ID and orders, once I have been physically checked, why should they have any further need to detain or check me? Members of the military might not warrant special treatment but like it or not we are held to a different standard. If "homeland security" ignores that standard, then they're saying that it is as much as worthless, which is yet another slap in the face.
  • by geoff lane (93738) on Thursday June 09, 2005 @03:45PM (#12772890)
    If you do have a bomb, a long queue of annoyed, tired travellers in a crowded airport looks a lot like a lovely soft target. Why try to get on the plane?
  • by Pollardito (781263) on Thursday June 09, 2005 @03:58PM (#12773070)
    it's not really about protecting us. it's about having a reason to issue contracts to the same companies that would be producing items for our military if we still had a credible opposing superpower. i for one feel a little warm fuzzy that they even bother to come up with these flimsy excuses. they wouldn't lie to us if they didn't care what we thought
  • Clarification (Score:1, Insightful)

    by Anonymous Coward on Thursday June 09, 2005 @04:59PM (#12773757)
    I'm not talking about special treatment nor do I think hassling members of the military is necessary. I suppose it comes down to the fact that I don't think anybody should be treated like that.

    Agreed. What I should have said is "Members of the military should be exactly as likely to be hassled exactly as much as any other poor schmuck." I don't think that the tyrant-in-a-teapot sort of behavior of many members of the TSA is making anyone safer, and I don't approve of it at all. I just think that if it's going to happen, it would be most safe and most fair to have it dished out uniformly.

    If the military trusts these documents enough for their own security purposes, then airport security should, too.

    There, I'm not sure I agree. That's expecting a lot of knowledge (training) from the airline security folks. Some of that knowledge is probably the sort of thing that someone like you has absorbed by immersion in military culture, so to you it seems like simple, obvious, common-sense stuff. It wouldn't be to outsiders like the TSA inspectors, though. Something like this could actually make new problems for members of the military, given the TSA's record so far.

    And no matter how you slice it, accepting a different (military) form of documentation from one class of passengers (military) is a form of "special treatment". Not in the sense of privileged treatment, but in the sense of a special case. Special cases tend to be where mistakes happen, whether one is writing computer code, or, I'd guess, securing an airport. I think that special cases should be avoided in principle if possible.

Facts are stubborn, but statistics are more pliable.

Working...