Computer Security Lacking at Homeland Security

Posted by Zonk
from the security-is-in-the-name dept.
peter303 writes "The New York Times (reg. required) reports that computer backup procedures are woefully inadequate at 19 centers of the Department of Homeland Security. Should this agency strive to be a good example for the rest of the country and protect against extreme hackers?" From the article: "Adequate backups were lacking for networks that screen airline passengers, that inspect goods moving across borders and that communicate with department employees and outside officials. Those same agencies, the auditors found, have in most cases failed to prepare sufficiently written disaster recovery plans that would guide operations if a main office or computer system was knocked out."
  • HA! (Score:2, Funny)

    by uberjoe (726765) on Thursday June 09, 2005 @12:16PM (#12769972)
    Oh what a delicious irony. Insecurity and the Dept of Security.
  • by DotNM (737979) * <matt@NoSpAM.mattdean.ca> on Thursday June 09, 2005 @12:17PM (#12769985) Homepage
    ... for every little thing we want to read.... User ID: slashdotreader Password: slashdot
  • I'm torn... (Score:4, Insightful)

    by bluGill (862) on Thursday June 09, 2005 @12:18PM (#12769995)

    It is wrong that they don't have backups. However a lot of this data is stuff that I want to be on a server that crashes hard, without backups. Preferably in such a way that even disaster recovery places can't get the data back.

    • by ImaLamer (260199) <john.lamar@NOspAM.gmail.com> on Thursday June 09, 2005 @12:42PM (#12770308) Homepage Journal
      What scares me is that this new agency is losing its records. Data loss is a security issue always, but now when we are paying people to do a job on our behalf.

      If another 9/11 happens do you want them to be able to look at their records? What if they are fsck'n the system on our dime?

      Just store them on a backup machine nicknamed "Deep Throat".
    • by Stanistani (808333) on Thursday June 09, 2005 @12:47PM (#12770357) Homepage Journal
      No backups... disaster for DHS... added protection for the people who are listed on their servers... most of the identity information that's 'gone missing' lately has been from mislaid backup tapes.
    • Re:I'm torn... (Score:1, Flamebait)

      by ScentCone (795499) on Thursday June 09, 2005 @12:52PM (#12770436)
      However a lot of this data is stuff that I want to be on a server that crashes hard, without backups. Preferably in such a way that even disaster recovery places can't get the data back.

      Um... because you'd rather that security is handled by systems that can mine for threats in real time, all the time, so they don't have to worry about it? Or, because you're really not worried about the foreign national who's overstayed his visa, but who took pilot lessons, just spent a couple of months touring the scenic mountains of northern Pakistan, doesn't file taxes but spends a lot on wholesale chemicals and used dental xray equipment, and wires a lot of money to Hamas? Definitely we don't want that info available, even in profile/status form, when he's booking a seat on a flight back into Dulles, or trying to get a license to drive 18-wheelers tankers for his new job at the fuel delivery company or signing up at the railyard where they load chlorine by the megaliter.
      • by ScentCone (795499) on Thursday June 09, 2005 @02:37PM (#12771990)
        Ah! The Flamebait Of Truth Mod! That's my favorite kind - it means I'm striking a chord. The GP thinks that DHS's systems might be better off trashed, but offers no notion of how he'd approach dealing with exactly the sort of issues that I just raised. The mod down means that there are at least two people that clueless.
    • by gstoddart (321705) on Thursday June 09, 2005 @01:41PM (#12771206) Homepage
      It is wrong that they don't have backups. However a lot of this data is stuff that I want to be on a server that crashes hard, without backups. Preferably in such a way that even disaster recovery places can't get the data back.

      As much as they're functioning as an evil entity ....

      If they are going to gather information which will be used to imprison people, strip them of their rights, or all of the other things they are doing, it behooves them to have accurate records.

      Otherwise, what happens when they 'lose' the data that got you held under a special ticket that says nobody gets to know where you are, but keep the data that indicates you're still evil.

      Is the internal check going to say "anyone whose incriminating data has been lost is freed"??? No, they're going to say the reasons are still friggin' classified and that this person really does need to be secluded without a lawyer for even longer.

      They've been given powers which seem well outside the usual rule of law. If they're incapable of going to extra-ordinary lengths to preserve data integrity, then as an organization, they don't deserve such far reaching powers.
  • by CrazyJim1 (809850) on Thursday June 09, 2005 @12:18PM (#12769998) Journal
    If they can trace down who's hacking them, they deserve a stiff jail time. Any one who attempts to hack homeland security computers knows that they're going to get serious jail time. Basically the only people who want to hack homeland security computers would be terrorists.
  • by ilyanep (823855) on Thursday June 09, 2005 @12:18PM (#12769999) Journal
    Don't take this as flamebait but I have the feeling that nobody's really trying hard enough to protect us. We stand an hour longer in the security line just so that people can bring explosives through in their shoes? Now they make us take our shoes off. What if someone brings explosives through in their pants?

    Same here...they pretend to try to catch terrorists when in reality the next power failure could knock the whole list out.
    • by Conspiracy_Of_Doves (236787) on Thursday June 09, 2005 @12:24PM (#12770079)
      Well of course. I thought that everyone knew that the government doesn't really give a damn about the people. It just needs to put on a good show so that the unintelligent majority can sit back and watch their sitcoms and never actually think about anything.
    • by khasim (1285) <brandioch.conner@gmail.com> on Thursday June 09, 2005 @12:34PM (#12770215)
      Don't take this as flamebait but I have the feeling that nobody's really trying hard enough to protect us.
      Hey, I agree with you on that.
      We stand an hour longer in the security line just so that people can bring explosives through in their shoes? Now they make us take our shoes off. What if someone brings explosives through in their pants?
      Yep. That's because no one is looking at the systems and processes with the intent of actually improving them.

      Instead, we have knee-jerk reactions from people who do NOT understand security who attempt to compensate for previous attacks with new rules/regs.
      Same here...they pretend to try to catch terrorists when in reality the next power failure could knock the whole list out.

      And the "pretend" is the problem. That's exactly what they're doing. And they're hoping that the public will accept that as them actually doing something about the problem.

      It's all about the public perception of the issue.

      The same as it is in all aspects of politics.

      As long as there isn't a power outage, they're doing a "good" job, as far as the public is concerned.

      If there is a power outage, then it comes down to whom they can blame.

      It's a lot easier and far more cost effective for the politicians to be re-active rather than pro-active.

      Which is why security is NOT something that ANYONE should allow a politician to be involved in.
      • If there is a power outage, then it comes down to whom they can blame.

        I think this is my favorite part. SOP is to appoint a panel and narrowly define their charge. Extra points if the committee doesn't have subpoena power.

        After a year or so, the panel finds that no single person is to blame, and that the "culture" needs to change. They write a report. Maybe people read it. The report goes on a shelf. Nobody loses their job. Eventually, things will hit the fan again and a new panel can be appointed. Witness the Challenger and Columbia reports.

        The 9/11 panel is one of the few to have any kind of follow through, and they are doing on their own.

      • by 4of12 (97621) on Thursday June 09, 2005 @02:39PM (#12772009) Homepage Journal
        Which is why security is NOT something that ANYONE should allow a politician to be involved in.

        Security? The same argument may be applied to politicians running the economy and creating legislation and regulations, too.

        Perhaps we ought to look into education so our peasants aren't so damn gullible to the wiles of politicians.

    • by Tackhead (54550) on Thursday June 09, 2005 @12:36PM (#12770236)
      > I have the feeling that nobody's really trying hard enough to protect us. We stand an hour longer in the security line just so that people can bring explosives through in their shoes? Now they make us take our shoes off. What if someone brings explosives through in their pants?

      ...then evolutionary pressures start to select in favor of people like the Goatse Guy?

      Seriously - that was the biggest disappointment about the shoe-bomber case. If he'd only smuggled the bomb up his ass, the simple act of getting in line at the airport would be a lot more fun.

      Imagine hearing stuff like "Excuse me, ma'am, I think you're kinda cute, and since I'm kinda average, and since the guy in front of me is obviously better-looking than me, and since the guy standing behind you is obviously gay, I think that three out of the four of us would be happier if you and I switched places. How 'bout it?"

      Everybody wins!

    • by CHESTER COPPERPOT (864371) on Thursday June 09, 2005 @12:42PM (#12770299)
      Your friends in the war on terror over here in Australia plainly don't care about security either. In the last few weeks we've found dodgy baggage handlers [chinabroadcast.cn] in the airports, a Chinese diplomat [abc.net.au] who is trying to defect and says that Australia is infested with Chinese spies and threats against foreign countries' embassies [nzherald.co.nz] within our own soil.

      Governments are hopeless at dealing with security. They are slow, lack innovative thinking and care more for their own careers than for their constituents. What matters most is whether or not you can protect yourself, your assets and your family when (if) the time comes. Then you can rid your mind of all the political and media led one-upmanship that comes along with security and the war on terrorism and get more important things done in life.

    • by pointbeing (701902) on Thursday June 09, 2005 @01:21PM (#12770915)
      Don't take this as flamebait but I have the feeling that nobody's really trying hard enough to protect us. We stand an hour longer in the security line just so that people can bring explosives through in their shoes? Now they make us take our shoes off. What if someone brings explosives through in their pants?

      Considering that IMO probably 98% of all the people in the world should never be seen naked I'd vote for gouging my eyes out, I think.

      On a happier note, it's also my opinion that the remaining 2% of the population should be prohibited from wearing clothing at any time.

    • by Bios_Hakr (68586) <xpticalNO@SPAMgmail.com> on Thursday June 09, 2005 @02:21PM (#12771746) Homepage
      Something I've wondered is when the terrorists will actually have the explosives INSIDE them. Fuck, if you are gonna die anyway, just pull out a kidney or pack some explosives inside a lung.

      The main problem will be to get the guy so drugged he won't care about the stitches/pain yet will still be able to physically board the plane.

      It'd be even better to use a post-partum woman. She'd already have a lot of room and wouldn't really require surgery to implant the explosives. It'd be hard to get a woman recruited into their little cult, but if they kidnap a baby and promise to release the child if the woman goes with their plan, I'm sure they'd get a few willing moms.

      Just remember: The next thing will be something we don't expect. Kinda like the Inquisition.
    • by rsadelle (719824) on Thursday June 09, 2005 @02:35PM (#12771954)
      Oh, yeah, thanks for the image. "Are you happy to see me or are those explosives in your pants?"
    • by geoff lane (93738) on Thursday June 09, 2005 @03:45PM (#12772890)
      If you do have a bomb, a long queue of annoyed, tired travellers in a crowded airport looks a lot like a lovely soft target. Why try to get on the plane?
    • by Pollardito (781263) on Thursday June 09, 2005 @03:58PM (#12773070)
      it's not really about protecting us. it's about having a reason to issue contracts to the same companies that would be producing items for our military if we still had a credible opposing superpower. i for one feel a little warm fuzzy that they even bother to come up with these flimsy excuses. they wouldn't lie to us if they didn't care what we thought
    • by Vitriol+Angst (458300) on Friday June 10, 2005 @10:20AM (#12779575)
      Absolutely.

      There is nothing about these security checks that is going to stop a real threat. It is a chance to spend money (power) and hire people (influence) to keep up employment (but not a public works program because it's security and military--wink, wink). Making people wait in line is just training for our glorious future. Does it matter what you call your government if it just plane sucks?

      I see absolutely NO concern about terrorism from this government. I just see window dressing. Terrorism should be treated as a crime--not by attacking the innocent and creating a greater threat. We have to change conditions that we have created (not all of this is our fault, but a good bit is under our control --like propping up the Saudis).

      Do you think people who worry about being shot care if they are in a totalitarian or a communist country? But somehow we have spent $Billions to ensure that Iraqis can call the new tyranny a Democracy rather than a Tyranny. "Yeah. Can somebody turn on the candle?"

      Nothing addressed the fact that Dick Cheney and Bush sat on their ass for 2.5 hours waiting for a plane to hit, without telling the jets to take them out. Compared with an average of 15 minute intercepts for 99 planes before 9/11 which went off their transponders.

      The next horrible thing that happens-- I can guarantee that there will be an investigation. I just want a refund. Get rid of all this useless window dressing and give me my kids' money back. Nothing has been done to secure cargo holds, chemical plants or other targets. Only to secure the government from the people. Tracking what I buy or what I read doesn't stop terrorism. But it does stop people from being empowered to make change -- or improve targeted campaigning.

      Whatever. Those who get it already understand. And those idiots that voted for Bush -- well, by the time they get out of denial, it will be too late to care what is in their heads. Doesn't really matter if they vote against Bush next time or not, unless there is a 75% majority, anything less will be swept under the carpet.
  • by shoppa (464619) on Thursday June 09, 2005 @12:21PM (#12770031)
    What difference does it make whether you have backup hardware/network/software ready when the primary doesn't even do the desired job? The government as a whole spends billions every year to attempt to refine ill-defined requirements into working productive systems that fill real needs. The DHS has never succeeded in producing such a system.

    It's easy to pick holes in the lack of backup of a system, but it's pointless when the system has no utility to begin with.

  • by RetroRichie (259581) on Thursday June 09, 2005 @12:22PM (#12770055)
    Something is lacking at Homeland Security???

    Say it ain't so!
  • by Doc Ruby (173196) on Thursday June 09, 2005 @12:22PM (#12770057) Homepage Journal
    When are people in Washington going to wake up? It's probably going to take a Pearl Harbor style disaster for them to do something...
    • by plopez (54068) on Thursday June 09, 2005 @12:37PM (#12770249) Journal
      I thought 9/11 WAS Pearl Harbor.

      But wait! After Pearl Harbor Roosevelt didn't say 'Let's go shopping!'. Which is precisely what Bush Cheney said after 9/11 so maybe you are right....
    • by 99BottlesOfBeerInMyF (813746) on Thursday June 09, 2005 @01:15PM (#12770828)

      It's probably going to take a Pearl Harbor style disaster for them to do something...

      They are doing something. They're taking a pile of your tax dollars and using it to collect information on you while simultaneously giving huge amounts of money to all sorts of ex-cons and ex-govt officials in a variety of security industries. Or did you mean you wish they would do something about improving their computer security or inconveniencing terrorists. Fat chance of that.

    • by Teun (17872) on Thursday June 09, 2005 @01:32PM (#12771059) Homepage
      And are now protected by things like the Patriot act that disallows you to share their information and other laws that make cracking illegal in the first place.

      They only have to post his information on their servers and the hackers will stay away.

    • by zoloto (586738) * on Thursday June 09, 2005 @01:58PM (#12771444)
      If you remember from your history class, Pearl Harbor was in direct response to the United States economic and political pressures, which were at the time, quite a misperception.

      The increasing diplomatic confrontations and economic sanctions against Japan by the United States and others, compounded by Japan's undeclared war in China and the weakening of European control in Asian colonies, precipitated the war in the Pacific.

      You can find this information here: http://www.mindef.gov.sg.nyud.net:8090/safti/point er/back/journals/2000/Vol26_1/5.htm [nyud.net] and search on google for more information. Don't mistakenly call 9/11/01 anything similar to Pearl Harbor. We didn't sanction the terrorists or put any political pressure on them, but we did to the Japanese. The terrorists or muslim extremists, or whatever you want to call them, were NOT provoked. They simply call us heathens, infidels and say we've been interfering for generations.

      We have, like other countries. But you don't see those places being attacked with their own airplanes now do you?
      • by Doc Ruby (173196) on Thursday June 09, 2005 @02:28PM (#12771838) Homepage Journal
        Pearl Harbor was, in retrospect (the only perspective that matters today), important as the galvanizing event sending the American public to war against the Japanese, regardless of the prior interest of the American government. Or prior provocation. The Qaeda WTC/Pentagon planebombings were the same: galvanizing event, sending Americans ourselves to war against "Terror". We already had several prior attacks, including the USS Cole, African embassies, even the 1993 WTC bombing. But the planebombings galvanized the public, sending us to war. That is the nature of the event to which I referred, sarcastically, in my post.

        Not that the preceding events aren't important in understanding the turning point itself. Which is why your mistake about American pressure on the Qaeda is important. The Qaeda is not a government like the Japanese enemy was, but bin Ladin and his network are the self-proclaimed army fighting the fight of their community, as they see it. Regardless of the legitimacy of their claim, or the obviously unacceptable methods in their fight, they are in fact responding to pressure from the US on that community. Decades of American pressure, like supporting the Saudi mob family that oppresses their people, stationing troops in their countries to keep cheap oil flowing to America, all the American military, political and economic complicity in perpetuating the artificial system of Arab/muslim countries, all take their toll. There are, of course, other partners in that oppression: the UK, France, Russia, all the other industrial powers which benefit from the oppression. But America is the most visible partner, especially because America seems more vulnerable to returned pressure, precisely because we say we represent democracy and freedom - all of which we oppose in their countries. Of course the Saudis, Iranians, Syrians, Egyptians, etc who oppress their own people are primarily responsible, but they're much harder to change, and certain to respond to direct pressure with deadly recriminations. Moreover, they're directly in control of their local propaganda. That immediate power, combined with the difficulty of harnessing Arab xenophobia in service of "fighting back" against other Arabs, focuses the response on America, rather than fellow Arabs. Of course the same mechanics drag in oversimplified versions of problems like Palestinian oppression (largely by Palestinians like Arafat partnering in perpetual war with Israelis), which again justifies attacking America as the weak link in that oppression.

        There is no denying that billions of Arabs have been oppressed for many generations. And that Americans, and our European predecessors, have either led the oppression, or (more lately) supported proxies, for our economic, military and political benefit. Bin Ladin, his Qaeda network, and other terrorists are insane liars, capitalizing on that oppression to launch a coup, taking the reins as the new oppressors. But we have to recognize that our complicity in their problems is both direct, and part of the root of the return pressure. What has changed on the Arab side of the oppression is the emergence of financed, organized leaders - and increased American vulnerability from terrible foreign policy and defence strategies which ignore the actual threats, or exploit them for more power, just like their terrorist counterparts. New changes are required to make the current unacceptable situation different. If we don't accept the truth about the current situation, and some of its causes we've long denied, we can't create a new situation that we can accept.
  • by shoppa (464619) on Thursday June 09, 2005 @12:24PM (#12770076)
    As a follow-up to my previous comment:
    If you don't know how to do it, YOU DON'T KNOW HOW TO DO IT ON A COMPUTER

    DHS has computer problems, sure, but the agency as a whole is a misguided waste of resources. It's probably better that its computer systems don't work, otherwise they'd figure out a way to stop Ted Kennedy from driving or using an elevator in addition to not flying.

  • by idontgno (624372) on Thursday June 09, 2005 @12:24PM (#12770081) Journal
    Adequate backups were lacking for networks that screen airline passengers...

    "I'm sorry, Sir, you can't board. Our screening system is down."

    "I've got a ticket. I've shown you my papers. You (and every RFID hacker within 50 feet of my entire path through this airport) have scrutinized my RFID passport. I've given my decilitre of blood for biometric screening. The plane is about to close door and push off. I'm returning home after 18 months dodging RPGs and Kalashnikov fire in Baghdad, and I'm still in uniform. And you're telling me I can't board because you can't be sure I'm actually not bin Laden in extremely clever disguise?"

    "No, Sir, I'm telling you that you can't board. Our screening system is down."

    "This is unacceptable. Who is your supervisor?"

    "That is classified. Please wait here." [whispers into radio: "Got another Gitmo client for ya."]

    • by ArielMT (757715) on Thursday June 09, 2005 @12:52PM (#12770429) Homepage Journal
      And this is the reason why I won't ever fly commercial again. Everything I've ever hated about flying has only gotten worse since That Day.
    • by Akardam (186995) on Thursday June 09, 2005 @01:16PM (#12770844)
      *rant mode: enable*

      The above scenario really pisses me off, and it is a scenario that I see has a real probability of happening, all the more so because of the moronic alarmist intimidating position that the powers that be have taken about this whole national security thing. (Something similar, though not necessarily technology related happened during the "war" in Afghanistan when a wounded army Lt. was told he could not bring the wire clippers, that he could use to cut the wire holding his wounded jaw shut in case he started to choke, on the plane).

      As a reservist, the scenario gets me going even more because I could see it happening to a fellow reservist. Not only do you have a brave young man or woman who has, regardless of whether you think it right or wrong, been dodging bullets and rockets in Humvees with barely improvised armour, but who has also made the sacrifice as a reservist, by being away from their family and their chosen life in the line of duty. To me, if one of my shipmates who'd been on a year's deployment over there had this happen to them, it would be the ultimate smack in the face. "Thanks for serving, here's what we think of you!"

      I think by and large that most people, regardless of how they feel about the greater agenda, wouldn't hesitate to give a helping hand to that single instance of a citizen soldier. Except, of course, for those big wigs who make policy, and to whom every man woman and child is guilty until proven innocent in the name of "homeland security".

      *rant mode: disable*
  • by Yonkeltron (720465) on Thursday June 09, 2005 @12:25PM (#12770086) Homepage
    This is very interesting news after Bush just got done saying how great the new patriot act is. It looks to me that our own security got lost while we were busy questioning the integrity of others. Between the roving wire-taps and the judge-less warrants, I think I deserve to know that the people taking away my information can keep it safe from others who would want to take it away.
  • by MythoBeast (54294) on Thursday June 09, 2005 @12:28PM (#12770125) Homepage Journal
    Since when does failing to back up your hard drive make your system easier to hack into? If you're talking about them having poor data integrity that's one thing, but this doesn't seem to point to poor computer security.
  • by 1967mustangman (883255) on Thursday June 09, 2005 @12:28PM (#12770127)
    Is anyone seriously surprised about this? I mean this department was cobbled together soooooo quickly it's a wonder they can even function. I mean look at all the other departments of gov out there that have a barely functioning website. I don't know about you, but I have always found the most annoying websites to be government sites.
    • by ignorant_coward (883188) on Thursday June 09, 2005 @01:52PM (#12771362)
      I don't know about you, but I have always found the most annoying websites to be government sites.

      Some do really well. My state's website is awesome. I found out how to start a sole proprietorship and do sales tax within a few clicks of the mouse. It also helps my state has awesome laws for sole proprietorships and sales tax (no business license and a single page return for state and county tax!).

      Sometimes, how a state government presents itself shows the overall health of that state. My state has a very level-headed approach, it seems, and tries hard to be reasonable to businesses. Some other states put on the red tape so thick, it is just pathetic...oh, and their websites suck, too.

  • by Shaper_pmp (825142) on Thursday June 09, 2005 @12:28PM (#12770135)
    WTF are "Extreme hackers"?

    People who crack Windows boxen while bungee jumping? Releasing IIS worms from a wi-fi enabled handheld in a canoe half-way down some whitewater rapids?

    Or, y'know, just yet another pathetic attempt to make something fundamentally known and understood sound suddenly somehow exciting and dangerous?

    Oh, and for reference? The "Extreme Hacker" your link's about was a 37 year-old script kiddie who Haxx0red US government machines direct from his own home connection.

    You couldn't get stupider (and less '1ee7) if you tried...
  • Look (Score:3, Insightful)

    by blair1q (305137) on Thursday June 09, 2005 @12:29PM (#12770149) Journal
    Come on.

    Is anyone really surprised that the Bush administration has done nothing significant right in the War on Terror?

    The agencies still can't communicate, they're security holes in themselves, our resources are diverted to a fanatical war in Iraq that has nothing to do with terror in America, and we find that the greatest threat to the safety of Americans today is the lies the President told or ordered to be told in order to get 1500 kids killed in a place he admits we had no pressing reason to attack.

    This isn't a troll. It's a list of the facts. Anyone disagreeing can disagree, but will be fighting the truth. Consider that before posting political dogma.
    • Re:Look (Score:3, Insightful)

      by twiddlingbits (707452) on Thursday June 09, 2005 @12:44PM (#12770325)
      It IS Flamebait and you know it!

      You don't have a clue about the facts. The Agencies DO co-operate (as indicated in the way some of the terrorists wannabes and funding sources have been rooted out here in the States), but they don't co-operate as well as they could. Do you really expect to change 25 yrs of Civil Servant attitudes in less than 4 yrs?

      The War in Iraq has a LOT to do with terrorism. Saddam and his Baath party provided sanctuary, training camps and funding for Al-Qaeda. To deny that is to deny FACTS, hard evidence and the statements of terrorists themselves. He would have provided WMDs when he got his programs back together when the UN got tired of looking and went back home.

      As long as Gov't agencies use Windoze there will be holes. As long as they employ humans mistakes will be made in either policy or implementation that cause holes. The issue is are they FINDING and closing the holes which I would say they are.

      Typical liberal distortion of the facts, thinking no one remembers what the truth is within a few days.
      • by Gulthek (12570) on Thursday June 09, 2005 @03:55PM (#12773023) Homepage Journal
        So...wow.

        Maybe you should read the 9/11 Commission's report.

        Shortpoint: Iraq had no ties to Al-Qaeda, Bin Laden considered Saddam a foe rather than a friend.

        The key phrase there is had no ties. Al-Qaeda seems pretty well integrated into Iraq now. Go us, I feel safer already. While Iraq is serving as a kind of lightning rod for terrorist activities, how long can it last?
    • by WarPresident (754535) on Thursday June 09, 2005 @12:47PM (#12770364) Homepage Journal
      Is anyone really surprised that the Bush administration has done nothing significant right in the War on Terror?

      Filthy liar! Here's just one thing [lessig.org] that the Department of Homeland Security has done to protect the homeland from terrorist threats. And you can bet that there are a million more stories just like that one!
  • by phoenix42 (263805) on Thursday June 09, 2005 @12:29PM (#12770150)
    what a huge surprise that an enormous government agency would be totally unprepared to deal with many of the contingencies it was created to handle. No government agency will ever be as secure or prepared as it should be. Have you seen these morons holding up walls at the airport? I don't see them doing anything but standing there. They've got 47 employees per machine, but only 3 of them actually doing anything. The beauty of bureaucracy is that 33 people can do what it would take one private sector employee to do.
    • by quarkscat (697644) on Thursday June 09, 2005 @02:17PM (#12771692)
      Actually, private sector airport security is where all this "anti-terrorism" business started to begin with. It's called "lowest cost bidder" contracting, and unfortunately the DHS (and the Dubya regime) has adopted it already for airport screening.

      The Dubya regime and the neo-con allies in Congress are hard at work making private contractor airport security a reality again. They decided (1) that they don't want 60,000 new Federal workers joining Federal unions, (2) that they can't do any better hiring security workers (for what they are willing to pay them) than private contractors can, and (3) they are really only interested in the appearance of better airport security.

      The people who service the planes on the tarmac, including the baggage handlers, do not pass through the same security screening that the airline passengers do. The bulk of air cargo never passes through any sort of screening process, just like our seaport cargo doesn't get screened.

      A local TV news organization (Metro DC) went out to Dulles International Airport on the heels of a group of FAA security investigators in April or May of 2001. DIA's private airport security had previously failed FAA security inspections. Someone (within FAA?) tipped off Dulles Airport regarding the "surprise" inspection, and airport security officers refused (on TV) to allow FAA inspectors onto airport property. A short few months later, and a commercial aircraft was hijacked from Dulles airport and flown into the Pentagon. That is the value of private airport security.

      The biggest problem with the DHS under the Dubya regime is that the expansion of the Federal workforce is less desirable than the benefit of reducing terror threats. Similar problems can be seen with US Border Patrol, US Customs (seaports), and the TSA -- spending big bucks on flashy high technology equipment (that often doesn't work) is preferable to spending big bucks long term on more Federal employees. I have yet to see a buried seismic sensor or a UAV actually apprehend an unknown terrorist crossing our borders or slipping out of a cargo container -- that takes "boots on the ground".

      And that is why I believe the DHS is an oxymoron. Having the DHS spend $6 Billion (plus) USD on a multiyear software contract with Microsoft for their server and desktop OSes merely confirms that conviction. And their inability to facilitate an IT strategy of redundancy and viable backups underlines the problem.

      These are not so much problems that can be better addressed by the private sector as they are problems with the corrupt regime currently in power.
  • by AtlanticGiraffe (749719) on Thursday June 09, 2005 @12:31PM (#12770168) Homepage

    "Should this agency strive to be good example for the rest of the country and protect against extreme hackers?"

    No. It's not their job. If the institution has to exist, it should outsource the IT stuff.

    When they founded the US government, they weren't trying to make a good example about computer security. They were trying to protect human rights. Let's stick to that. Everything else should be up to free enterprise.

  • my opinion (Score:1, Troll)

    by BigHungryJoe (737554) on Thursday June 09, 2005 @12:31PM (#12770176) Homepage
    As a rather well-known cyber-security consultant (you'd know my $450/hr name, I guarantee it) at Foundstone, I can tell you what the problem is - the lack of a comprehensive, rehearsed disaster recovery plan. It really isn't that hard, to implement it correctly, I always recommend this (clients are always amazed by its brilliance and simplicity) - every night, copy all of your company's critical data to a CD, and have EACH EMPLOYEE TAKE HOME A COPY.

    Bam - that pops, it sizzles, as we say in the consulting biz. Simple yet EXTREMELY effective.

    Now, if you want any more advice, it's gonna cost ya - ($450/hr)
  • That way, when a hacker trying to find a UFO cover-up stumbles across the treasure trove of smoking guns, the DHS can simply wipe their servers and say, "Due to lack of funding we were unable to afford back-ups. That's why, if you want to be safe, you need to give us more money." Thereby shifting the debate safely away from UFOs and back onto funding.

    Ideally they would be able to do a trade with those shifty HUD bastards whereby they trade funding for storage of embarrassing documents;-)

  • by Foolomon (855512) on Thursday June 09, 2005 @12:33PM (#12770205) Homepage
    This reminds me of a story. I once worked for a company that specialized in tape backup software, name withheld. (I worked on Long Island then, not on the plains of CHEYENNE, so don't try to guess the name of the company.) A few months after I stopped working there, I received a phone call from my ex-manager that went something like this:

    Mgr: So how's it going? Blah blah blah...

    Me: It's fine. Blah blah blah...

    Mgr: So..um..did you ever "borrow" a copy of the source code to the Disaster Recovery solution that you single-handedly wrote? You know, for "posterity" reasons?

    Me: Of course I didn't. That wouldn't be ethical for sure and probably would be illegal. Why do you ask?

    Mgr: Well, it seems that the hard drive that your machine used crashed and we don't have a backup.
  • by Mille Mots (865955) on Thursday June 09, 2005 @12:36PM (#12770233)
    From the title: Computer Security Lacking at Homeland Security

    From the summary (no, I'm not going to RTFA when the subject and summary are so far out of whack):

    "Adequate backups were lacking for networks that ... in most cases failed to prepare sufficiently written disaster recovery plans that would ..."

    So, if I have valid backups of all the patient data here, I guess those HIPAA security requirements are met, eh? Or do I have to have valid backups and a DR plan to achieve 'computer security' nirvana?

    Now, if the issue were that their backup tapes were going offsite, unsecured and unencrypted, then the subject might make sense. But, this is silliness. Almost as silly as the DHS itself (hint: The Department of Homeland Security isn't supposed to keep the people safe from terrorists, it's supposed to keep the government safe...think about that one), but...whatever. (sigh)

  • by ohzero (525786) <onemillioninchange.yahoo@com> on Thursday June 09, 2005 @12:43PM (#12770315) Homepage Journal
    1. The entire DHS electronic infrastructure buildout was outsourced to a private defense contractor at a fixed budget cost. Pretty clearly, when money runs out, compromises need to be made. Obviously, backups were one of those compromises. I can also guarantee you that you don't have top industry minds in the SOC at DHS, and this organization is going to need serious help over the next few years to remediate all the things that they're breaking "out of the gate."
    2. The title "the world's best hacker" could only be made up by someone as lame as the British media. I'm sure that ass clown was way too busy writing exploits to ever post meaningful or useful information to anywhere frequented by actual, knowledgeable network security people. In short, what I'm saying is that he's a script kiddie who can code shell. /rant
  • by It doesn't come easy (695416) * on Thursday June 09, 2005 @12:44PM (#12770331) Journal
    Don't worry about it. As soon as any data appears on a DHS computer, someone will hack into it and copy the data to an offsite location...
  • An interesting link [typepad.com].
  • by A beautiful mind (821714) on Thursday June 09, 2005 @12:54PM (#12770497)
    Consider this flamebait if you wish, but that is how I see events from a European perspective.

    Since 9/11, the government of USA has been granted extra money, extra legal rights, extra measures and lives to defend against the 'terrorist threat'. I find it extremely ironic, let me tell you why.

    First, what did the government do in the last years to improve security? A lot of in-depth reports and analysis say that the results can be barely registered as an improvement, meanwhile being a major annoyance to the ordinary person. The terrorist threat will not be stopped by technology. Humans drive technological advancement and can defeat technology just the same way (if you consider humans to be an advanced piece of engineering, it can be seen clearly). The only way is to convince people, so basically through political and demographical measures, in which areas the USA managed to alienate a sizable chunk of the world after 9/11.

    So what did you manage to do in 4 years? The threat level increased in your country by your own actions, working technological measures could have been taken to decrease that risk, but instead the government ended up scaring people to give them more rights and tools. My post is not only related to this particular article, since I try to paint the bigger picture. Placing this particular article in the context of the proposed extension of the Patriot act, the increase in government bureaucracy, the laws which you cannot know about but are subject to, the discrimination of Muslim people (at customs, and generally in the us administration), the questionable state of DMCA and associated measures, etc. indicates that people need to question the government's actions. To sum it up what I find extremely ironic is that the government promised security and an indefinite fight against a concept (terrorism) and in the process you ended up with less security and less rights.

    • by Baron von Blapp (767958) on Thursday June 09, 2005 @01:24PM (#12770955) Homepage
      More Government and More Laws (not to be confused with Moore's Law) never protected or "secured" anyone. Ever. Just look at Europe for example.

      No matter what the government (any government) does, it will not be to protect you, it will be to protect the government. Why do they ban firearms, yet the government has firearms.... is the government somehow more responsible than the individual? No.

      As a matter of fact the governments of the world have laws that make them exempt from being responsible for anything.

      From a global perspective, law abiding and responsible humans are screwed. As Geryon would say "I think the end of the world must be getting near. Hell is getting full."

  • by spurious cowherd (104353) on Thursday June 09, 2005 @01:03PM (#12770653)
    A standard example of the 3 biggest lies in the world.

    3. I promise not to come in your mouth
    2. The check is in the mail
    1. We're from the Government & we're here to help you
  • by cccpkgb (793118) on Thursday June 09, 2005 @01:29PM (#12771029)
    I'd say the DHS has much bigger problems [bbc.co.uk] on their hands.
  • Backup != Security (Score:1, Interesting)

    by Anonymous Coward on Thursday June 09, 2005 @01:46PM (#12771278)
    " What do backups have to do with security? (Score:3, Insightful) by MythoBeast (54294) on Thursday June 09, @12:28PM (#12770125) (http://www.mythologicalbeast.org/ [mythologicalbeast.org] | Last Journal: Monday September 08, @02:27PM) Since when does failing to back up your hard drive make your system easier to hack into? If you're talking about them having poor data integrity that's one thing, but this doesn't seem to point to poor computer security."

    No kidding. Backups in one hand, security in the other. I'm sure /. is full of enough computer literate people to know that. Please explain to me how not making a backup makes one more susceptible to a hack. Okay, so if you did get hacked, you risk losing everything when you don't have a backup. But if you store that backup on another network drive you are MORE susceptible because you have more data spread out and available to hack.

    Sounds like an excuse to bring up other arguments, which it seems most on here have chosen to do.

    "As a rather well-known cyber-security consultant (you'd know my $450/hr name, I guarantee it) at Foundstone, I can tell you what the problem is - the lack of a comprehensive, rehearsed disaster recovery plan. It really isn't that hard, to implement it correctly, I always recommend this (clients are always amazed by its brilliance and simplicity) - every night, copy all of your company's critical data to a CD, and have EACH EMPLOYEE TAKE HOME A COPY."

    You've got to be kidding. This wouldn't even work for a business. So you are going to give EVERY employee access to everything in the business, trade secrets and all? And how are you going to ensure that the disc doesn't leave the employee's possession, and that old discs get destroyed? Plus, even the relatively small business that I work for has 20gig or more of things that should be backed up. How are you going to send that home? DVDs? Or an external backup drive for each employee?

    And the key point that everyone seems to be missing is that the point of all this extra spending is to make Americans, on average, FEEL safer. Doesn't really have to be safer. It's all part of the media/government spin on the truth. The war has a lot to do with terrorism because without terrorism there wouldn't be a lot of support for what the gov wants to get done. It's all politics. Look, if 9/11 never happened, do you think anybody would really support the actions we are taking across seas? It was a perfect time for the gov to expand their control and finish the job on Iraq. Whether the gov did this "primetime for action" tactic on purpose or they truthfully believed in what they were reporting to the public is up for debate. I'm disappointed and scared to see so many of my fellow citizens willfully give up many rights for "safety" from perceived threats. Reminds me of the mob and extortion money: "We'll provide you safety for this price".

    Without politics, there would be a lot less crime. Why, you ask? Because there are a lot of measures that could be taken to drastically reduce crime that are politically incorrect or unpopular. Same goes for economic policy. There are times when a temporary tax hike would benefit the country immensely, yet no politician would want to back that platform.

    It will be interesting to see what happens in the next few years. A lot of universities have adopted programs for computer security due to the increase in demand for KNOWLEDGEABLE staff. Seems to me a lot of these guys were raised on networking and know little about security and forensics, at least compared to what they would be expected to know.
  • by Sir_Eptishous (873977) on Thursday June 09, 2005 @02:53PM (#12772191) Homepage
    I think these government goon squads need an outside audit from someone in private industry. That would straighten their shit out.
  • by Master of Transhuman (597628) on Thursday June 09, 2005 @03:05PM (#12772361) Homepage

    "Government reported incompetent at everything, including invading other nations."

    Film at 11.
  • by Java Ape (528857) <(ten.063) (ta) (sggirb.ekim)> on Thursday June 09, 2005 @05:20PM (#12773942) Homepage
    Over the past several IT workers (particularly at government installation) have been buried under a mountain of new security requirements and demands. Most of these, in my opinion, merely codify common sense into a few thousand pages of fluff that's outdated the day after it's written, which is seldom a problem because nobody reads it.

    So they don't have a written disaster recovery plan -- how terrible. I'm a DBA, and I have six or seven disaster recovery plans, all neatly typed, with lots of polysyllabic verbiage, designed to impress auditors. They have official stamps and signatures of various company officials, and are kept in various safes etc. Unfortunately, the short version of all this wasted paper and time is "If the server crashes, we'll restore it from backup. If local backups are not available, we'll use off-site backups."

    So, having jumped through hoops, and burned a considerable number of company hours complying with ever-dumber requirements, can anybody tell me how this would actually help me recover from a real disaster? It's freaking common sense.

    So, while they may not be setting a good example for us corporate drones, I have a hard time seeing this as a SECURITY FAILURE!. Get a grip -- their Sysops and DBA's probably have a clue about data recovery even without an official plan.
