Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Security United States Government Politics

Computer Security Lacking at Homeland Security 158

Posted by Zonk from the security-is-in-the-name dept.
peter303 writes "The New York Times (reg. required) reports that computer backup procedures are woefully inadequate at 19 centers of the Department of Homeland Security. Should this agency strive to be good example for the rest of the country and protect against extreme hackers? " From the article: "Adequate backups were lacking for networks that screen airline passengers, that inspect goods moving across borders and that communicate with department employees and outside officials. Those same agencies, the auditors found, have in most cases failed to prepare sufficiently written disaster recovery plans that would guide operations if a main office or computer system was knocked out."
This discussion has been archived. No new comments can be posted.

Computer Security Lacking at Homeland Security More

Computer Security Lacking at Homeland Security

Comments Filter:

  • HA! (Score:2, Funny)

    by uberjoe ( 726765 )
    Oh what a delicious irony. Insecurity and the Dept of Security.

    • Re:HA! (Score:3, Funny)

      by JamesD_UK ( 721413 )
      My computer homeland security appears to perfectly adequate. Just try hacking me [127.0.0.1]!

      • Re:HA! (Score:2)

        by Rei ( 128717 )
        It's a lot more effective when you create a DNS entry that maps to 127.0.0.1. Then, even a person who knows very well that 127.0.0.1 is local loopback might not notice, and start issuing commands to scan and attack based on the DNS instead of the IP.

    • Re:HA! (Score:4, Funny)

      by Rei ( 128717 ) on Thursday June 09, 2005 @11:33AM (#12770196) Homepage
      Hey now, don't try and pressure them to reform. You know very well that if the Department of Homeland Security is forced to spend the resources to make its network more secure, the terrorists win [affbrainwash.com]. Do you really want the terrorists to win? Why do you hate America [blogspot.com] so much?

    • Re:HA! (Score:3, Funny)

      by dodobh ( 65811 )
      The ministry of peace.
      The ministry of truth.
      The department of homeland security.
      • I have always wondered why it was not called the deptartment of offence.
      • "The ministry of peace.
        The ministry of truth.
        The department of homeland security."

        I still get the impression that the name implies a salute using a stiff palm raised high. Maybe with a little Vaugner playing in the background.

        What moron thought that was a good name?
    • The thing is, that the Dept of Homeland Security is just theatre anyway. Most governments, notably the US govt, just want us all to be fearful, and hence easier to manipulate.
    • Oh what a delicious irony. Insecurity and the Dept of Security.

      Yes, that was the joke. I know I'll sleep better tonight knowing that you got it.

      LK
  • ... for every little thing we want to read.... User ID: slashdotreader Password: slashdot

  • I'm torn... (Score:4, Insightful)

    by bluGill ( 862 ) on Thursday June 09, 2005 @11:18AM (#12769995)

    It is wrong that they don't have backups. However a lot of this data is stuff that I want to be on a server that crashes hard, without backups. Preferably in such a way that even disaster recovery places can't get the data back.

    • What scares me is that this new agency is losing its records. Data loss is a security issue always, but now when we are paying people to do a job on our behalf.

      If another 9/11 happens do you want them to be able to look at their records? What if they are fsck'n the system on our dime?

      Just store them on a backup machine nicknamed "Deep Throat".
    • No backups... disaster for DHS... added protection for the people who are listed on their servers... most of the identity information that's 'gone missing' lately has been from mislaid backup tapes.

    • Re:I'm torn... (Score:1, Flamebait)

      by ScentCone ( 795499 )
      However a lot of this data is stuff that I want to be on a server that crashes hard, without backups. Preferably in such a way that even disaster recovery places can't get the data back.

      Um... because you'd rather that security is handled by systems that can mine for threats in real time, all the time, so they don't have to worry about it? Or, because you're really not worried about the foreign national who's overstayed his visa, but who took pilot lessons, just spent a couple of months touring the scenic
      • Ah! The Flamebait Of Truth Mod! That's my favorite kind - it means I'm strking a chort. The GP thinks that DHS's systems might be better off trashed, but offers no notion of how he'd approach dealing with exactly the sort of issues that I just raised. The mod down means that there are at least two people that clueless.

    • It is wrong that they don't have backups. However a lot of this data is stuff that I want to be on a server that crashes hard, without backups. Preferably in such a way that even disaster recovery places can't get the data back.

      As much as they're functioning as an evil entity ....

      If they are going to gather information which will be used to imprison people, strip them of their rights, or all of the other things they are doing, it behooves them to have accurate records.

      Otherwise, what happens when they

  • Who needs good security on homeland computers? (Score:3, Funny)

    by CrazyJim1 ( 809850 ) on Thursday June 09, 2005 @11:18AM (#12769998) Journal
    If they can trace down who's hacking them, they deserve a stiff jail time. Any one who attempts to hack homeland security computers knows that they're going to get serious jail time. Basically the only people who want to hack homeland security computers would be terrorists.
    • I'm assuming that there will be a lot of people who won't realize you're kidding.

    • Re:Who needs good security on homeland computers? (Score:4, Insightful)

      by I confirm I'm not a ( 720413 ) on Thursday June 09, 2005 @11:27AM (#12770105) Journal

      Basically the only people who want to hack homeland security computers would be terrorists.

      ...and UFO researchers [slashdot.org]. Don't forget UFO researchers.

      ;-)

      Seriously, though, I'd tend to blame "hacking" like this on the intelligence and security services of foreign powers (and their domestic servants, etc) before I blamed terrorists. Terrorists tend to prefer, well, terror, preferably against a multitude of frightened civilians.

    • Basically the only people who want to hack homeland security computers would be terrorists.

      Perhaps. But we cannot just point the finger immediately as soon as a computer does get cracked. And the fact that crackers can use anonymous proxies and the like to carry out their attacks doesn't necessarily mean that they'll get caught right off the bat. And we all need good security in any case, really. No one wants a systemwide failure period. That motivation at least should be enough to upgrade Homeland Secu
    • What, so we shouldn't bother with strong security at Ft. Knox because anyone who tried to stage a robbery there would be locked up for eons, and would be a large-scale criminal anyway?

      Unfortunately, I think that quite a few people who aren't "terrorists" per se would be more than happy to try to hack into homeland security computers. Why? I'd imagine it's quite an accomplishment to claim, from certain points of view. Plus, there are certain people who are anti-government but not exactly anti-American
    • Basically the only people who want to hack homeland security computers would be terrorists.

      So is it fair to say that someone who has a problem with the US Dept of Homeland Security is a terrorist sympathizer? Or even has terrorist tendencies?

  • It's all an Illusion (Score:5, Insightful)

    by ilyanep ( 823855 ) on Thursday June 09, 2005 @11:18AM (#12769999) Journal
    Don't take this as flamebait but I have the feeling that nobody's really trying hard enough to protect us. We stand an hour longer in the security line just so that people can bring explosives through in their shoes? Now they make us take our shoes off. What if someone brings explosives through in their pants?

    Same here...they pretend to try to catch terorists when in reality the next power failiure could knock the whole list out.
    • Well of course. I thought that everyone knew that the government doesn't really give a damn about the people. It just needs to put on a good show so that the unintelligent majority can sit back and watch thier sitcoms and never actually think about anything.

    • It's not about security, only the perception of it (Score:5, Insightful)

      by khasim ( 1285 ) <brandioch.conner@gmail.com> on Thursday June 09, 2005 @11:34AM (#12770215)
      Don't take this as flamebait but I have the feeling that nobody's really trying hard enough to protect us.
      Hey, I agree with you on that.
      We stand an hour longer in the security line just so that people can bring explosives through in their shoes? Now they make us take our shoes off. What if someone brings explosives through in their pants?
      Yep. That's because no one is looking at the systems and processes with the intent of actually improving them.

      Instead, we have knee-jerk reactions from people who do NOT understand security who attempt to compensate for previous attacks with new rules/regs.
      Same here...they pretend to try to catch terorists when in reality the next power failiure could knock the whole list out.

      And the "pretend" is the problem. That's exactly what they're doing. And they're hoping that the public will accept that as them actually doing something about the problem.

      It's all about the public perception of the issue.

      The same as it is in all aspects of politics.

      As long as there isn't a power outage, they're doing a "good" job, as far as the public is concerned.

      If there is a power outage, then it comes down to whom they can blame.

      It's a lot easier and far more cost effective for the politicians to be re-active rather than pro-active.

      Which is why security is NOT something that ANYONE should allow a politician to be involved in.
      • If there is a power outage, then it comes down to whom they can blame.

        I think this is my favorite part. SOP is to appoint a panel and narrowly define their charge. Extra points if the committee doesn't have subpoena power.

        After a year or so, the panel finds that no single person is to blame, and that the "culture" needs to change. They write a report. Maybe people read it. The report goes on a shelf. Nobody loses their job. Eventually, things will hit the fan again and a new panel can be appointed. Witne

      • Re:It's not about security, only the perception of (Score:5, Insightful)

        by 4of12 ( 97621 ) on Thursday June 09, 2005 @01:39PM (#12772009) Homepage Journal
        Which is why security is NOT something that ANYONE should allow a politician to be involved in.

        Security? The same argument may be applied to politicians running the economy and creating legislation and regulations, too.

        Perhaps we ought to look into education so our peasants aren't so damn gullible to the wiles of politicians.

        • Security is all of our concern, individually. It is not a job for government. The Private Sector seems able to rise to most occasions and when it comes to security, I leave mine in the capable hands of Col. Colt If he is unavailabale I have been known at times to employ the services of a a Mr Ruger. The firm of Smith and Wesson have also shown promise in this field.
    • > I have the feeling that nobody's really trying hard enough to protect us. We stand an hour longer in the security line just so that people can bring explosives through in their shoes? Now they make us take our shoes off. What if someone brings explosives through in their pants?

      ...then evolutionary pressures start to select in favor of people like the Goatse Guy?

      Seriously - that was the biggest disappointment about the shoe-bomber case. If he'd only smuggled the bomb up his ass, the simple act

    • Your friends in the war on terror over here in Australia plainly don't care about security either. In the last few weeks we've found dodgy baggage handlers [chinabroadcast.cn] in the airports, a chinese diplomat [abc.net.au] who is trying to defect and says that Australia is infested with chinese spies and threats against foreign countries embassies [nzherald.co.nz] within our own soil.

      Governments are hopeless at dealing with security. They are slow, lack innovative thinking and care more for their own careers than for their constituents. What matters m

    • Don't take this as flamebait but I have the feeling that nobody's really trying hard enough to protect us. We stand an hour longer in the security line just so that people can bring explosives through in their shoes? Now they make us take our shoes off. What if someone brings explosives through in their pants?

      Considering that IMO probably 98% of all the people in the world should never be seen naked I'd vote for gouging my eyes out, I think.

      On a happier note, it's also my opinion that the remaining 2%

    • Something I've wondered is when the terrorists will actually have the explosives INSIDE them. Fuck, if you are gonna die anyway, just pull out a kidney or pack some explosives inside a lung.

      The main problem will be to get the guy so drugged he won't care about the stitches/pain yet will still be able to physically board the plane.

      It'd be even better to use a post-partum woman. She'd already have a lot of room and wouldn't really require surgery to implant the explosives. It'd be hard to get a woman rec
    • Oh, yeah, thanks for the image. "Are you happy to see me or are those explosives in your pants?"
    • If you do have a bomb, a long queue of annoyed, tired travellers in a crowded airport looks a lot like a lovely soft target. Why try to get on the plane?
    • it's not really about protecting us. it's about having a reason to issue contracts to the same companies that would be producing items for our military if we still had a credible opposing superpower. i for one feel a little warm fuzzy that they even bother to come up with these flimsy excuses. they wouldn't lie to us if they didn't care what we thought
    • Absolutely.

      There is nothing about these security checks that is going to stop a real threat. It is a chance to spend money (power) and hire people (influence) to keep up employment (but not a public works program because its security and military--wink, wink). Making people wait in line is just training for our glorious future. Does it matter what you call your government if it just plane sucks?

      I see absolutely NO concern about terrorism from this government. I just see window dressing. Terrorism should b

  • And this matters how??? (Score:3, Interesting)

    by shoppa ( 464619 ) on Thursday June 09, 2005 @11:21AM (#12770031)
    What difference does it make whether you have backup hardware/network/software ready when the primary doesn't even do the desired job? The government as a whole spends billions every year to attempt to refine ill-defined requirements into working productive systems that fill real needs. The DHS has never succeeded in producing such a system.

    It's easy to pick holes in the lack of backup of a system, but it's pointless when the system has no utility to begin with.

  • Something is lacking at Homeland Security???

    Say it ain't so!
  • When are people in Washington going to wake up? It's probably going to take a Pearl Harbor style disaster for them to do something...
    • I thought 9/11 WAS Pearl Harbor.

      But wait! After Pearl Harbor Roosevelt didn't say 'Let's go shopping!'. Which is precisely what Bush Cheney said after 9/11 so maybe you are right....

    • It's probably going to take a Pearl Harbor style disaster for them to do something...

      They are doing something. They're taking a pile of your tax dollars and using it to collect information on you while simultaneously giving huge amounts of money to all sorts of ex-cons and ex-govt officials in a variety of security industries. Or did you mean you wish they would do something about improving their computer security or inconveniencing terrorists. Fat chance of that.

    • And are now protecrted by things like the Patriot act that disallows you to share their information and other laws that make cracking illegal in the first place.

      They only have to post his information on their servers and the hackers will stay away.

    • If you remember from your history class, Pearl Harbor was in direct responce to the United States economic and political pressures, which were at the time, quite a misperception.

      The increasing diplomatic confrontations and economic sanctions against Japan by the United States and others, compounded by Japan's undeclared war in China and the weakening of European control in Asian colonies, precipitated the war in the Pacific.

      You can find this information here: http://www.mindef.gov.sg.nyud.net:8090/safti/p [nyud.net]
      • Pearl Harbor was, in retrospect (the only perspective that matters today), important as the galvanizing event sending the American public to war against the Japanese, regardless of the prior interest of the American government. Or prior provocation. The Qaeda WTC/Pentagon planebombings were the same: galvanizing event, sending Americans ourselves to war against "Terror". We already had several prior attacks, including the USS Cole, African embassies, even the 1993 WTC bombing. But the planebombings galvaniz

  • If you don't know how to do it... (Score:3, Insightful)

    by shoppa ( 464619 ) on Thursday June 09, 2005 @11:24AM (#12770076)
    As a follow-up to my previous comment:
    If you don't know how to do it, YOU DON'T KNOW HOW TO DO IT ON A COMPUTER

    DHS has computer problems, sure, but the agency as a whole is a misguided waste of resources. It's probably better that it's computer systems don't work, otherwise they'd figure out a way to stop Ted Kennedy from driving or using an elevator in addition to not flying.


    • Add that the only agencies that could ever hope to get funding to do a computer system properly are not under DHS. The CIA, NSA, somewhere deep in the DoD, etc., they probably get the resources they need, but DHS is a cost for Congress to budget without immediate intelligence or defense benefits like spy satellites or cruise missiles.

      Probably the biggest challenge for DHS is not computers, either, as it is probably raw man power. Thousands of miles of borders, compounded by interdependent economies, isn'
    • ...otherwise they'd figure out a way to stop Ted Kennedy from driving...

      Mary Jo Kopechne might not think that that's such a bad idea.

  • This could really suck... (Score:5, Insightful)

    by idontgno ( 624372 ) on Thursday June 09, 2005 @11:24AM (#12770081) Journal
    Adequate backups were lacking for networks that screen airline passengers...

    "I'm sorry, Sir, you can't board. Our screening system is down."

    "I've got a ticket. I've shown you my papers. You (and every RFID hacker within 50 feet of my entire path through this airport) have scrutinized my RFID passport. I've given my decilitre of blood for biometric screening. The plane is about to close door and push off. I'm returning home after 18 months dodging RPGs and Kalashnikov fire in Bagdhad, and I'm still in uniform. And you're telling me I can't board because you can't be sure I'm actually not bin Laden in extremely clever disguise?"

    "No, Sir, I'm telling you that you can't board. Our screening system is down."

    "This is unacceptable. Who is your supervisor?"

    "That is classified. Please wait here. [whispers into radio: "Got another Gitmo client for ya."]

    • And this is the reason why I won't ever fly commercial again. Everything I've ever hated about flying has only gotten worse since That Day.
    • *rant mode: enable*

      The above scenario really pisses me off, and it is a scenario that I see has a real probability of happening, all the more so because of the moronic alarmist intimidating position that the powers that be have taken about this whole national security thing. (Something similar, though not necessarily technology related happened during the "war" in Afghanistan when a wounded army Lt. was told he could not bring the wire clippers, that he could use to cut the wire holding his wounded jaw shu
  • This is very interesting news after Bush just got done saying how great the new patriot act is. It looks to me that our own security got lost while we were busy questioning the integrity of others. Between the roving wire-taps and the judge-less warrants, I think I deserve to know that the people taking away my information can keep it safe from others who would want to take it away.

  • What do backups have to do with security? (Score:3, Interesting)

    by MythoBeast ( 54294 ) on Thursday June 09, 2005 @11:28AM (#12770125) Homepage Journal
    Since when does failing to back up your hard drive make your system easier to hack into? If you're talking about them having poor data integrity that's one thing, but this doesn't seem to point to poor computer security.
    • Security is normally considered to have 3 aspects. Secrecy (or confidentiality), integrity, and availability. (Use the mnenomic "CIA" to remember the three components). While secrecy is (sometimes) important, it is just one part of security.

    • Exactly.

      While backup processes are related to data retention policy, and such polieces are related to security, it's a gross oversimplification to assert that "NO BACKUPS = NO SECURITY" as Submitter has done.
    • Since when does failing to back up your hard drive make your system easier to hack into? If you're talking about them having poor data integrity that's one thing, but this doesn't seem to point to poor computer security.

      (scratches head)

      1. If you don't know what you had you don't know if what you have has been screwed with.

      2. If you do get screwed with, it's critical to be able to restore from a known good system. Otherwise, game over; you have to rebuild from scratch and guess about what has/has no

  • Is anyone seriously surpised about this? I mean this department was cobbled together soooooo quickly its a wonder they can even function. I mean look at all the other departments of gov out their that have a barely functioning website. I don't know about you, but I have always found the most annoying websites to be government sites.
    • I don't know about you, but I have always found the most annoying websites to be government sites.

      Some do really well. My state's website is awesome. I found out how to start a sole prorpietorship and do sales tax within a few clicks of the mouse. It also helps my state has awesome laws for sole prorietorships and sales tax (no business license and a single page return for state and county tax!).

      Sometimes, how a state government presents itself shows the overall health of that state. My state has a v

  • "Extreme Hackers"? (Score:4, Funny)

    by Shaper_pmp ( 825142 ) on Thursday June 09, 2005 @11:28AM (#12770135)
    WTF are "Extreme hackers"?

    People who crack Windows boxen while bungee jumping? Releasing IIS worms from a wi-fi enabled handheld in a canoe half-way down some whitewater rapids?

    Or, y'know, just yet another pathetic attempt to make something fundamentally known and understood sound suddenly somehow exciting and dangerous?

    Oh, and for reference? The "Extreme Hacker" your link's about was a 37 year-old script kiddie who Haxx0red Us government machines direct from his own home connection.

    You couldn't get stupider (and less '1ee7) if you tried...
    • Oh, and for reference? The "Extreme Hacker" your link's about was a 37 year-old script kiddie who Haxx0red Us government machines direct from his own home connection.
      Was his home connection a satellite link to a raft floating on a pond with ill-tempered Sea Bass at least?

  • Look (Score:3, Insightful)

    by blair1q ( 305137 ) on Thursday June 09, 2005 @11:29AM (#12770149) Journal
    Come on.

    Is anyone really surprised that the Bush administration has done nothing significant right in the War on Terror?

    The agencies still can't communicate, they're security holes in themselves, our resources are diverted to a fanatical war in Iraq that has nothing to do with terror in America, and we find that the greatest threat to the safety of Americans today is the lies the President told or ordered to be told in order to get 1500 kids killed in a place he admits we had no pressing reason to attack.

    This isn't a troll. It's a list of the facts. Anyone disagreeing can disagree, but will be fighting the truth. Consider that before posting political dogma.

    • Re:Look (Score:3, Insightful)

      by twiddlingbits ( 707452 )
      It IS Flamebait and you know it!

      . You don't have a clue about the facts. The Agencies DO co-operate (as indicated in the way some of the terrorists wannabes and funding sources have been rooted out here in the States), but they don't co-operate as well as they could. Do you really expect to change 25 yrs of Civil Servant attitudes in less than 4 yrs?

      The War in Iraq has a LOT to do with terrorism. Saddam and his Baath party provided sanctuary, training camps and funding for Al-Queda. To deny that is to den
      • So...wow.

        Maybe you should read the 9/11 Commission's report.

        Shortpoint: Iraq had no ties to Al-Qaeda, Bin Laden considered Saddam an foe rather than a friend.

        The key phrase there is had no ties. Al-Qaeda seems pretty well integrated into Iraq now. Go us, I feel safer already. While Iraq is serving as a kind of lightning rod for terrorist activities, how long can it last?
    • s anyone really surprised that the Bush administration has done nothing significant right in the War on Terror?

      Filthy liar! Here's just one thing [lessig.org] that the Department of Homeland Security has done to protect the homeland from terrorist threats. And you can bet that there are a million more stories just like that one!
  • what a huge surprise that an enormous government agency would be totally unprepared to deal with many of the contigencies it was created to handle. No government agency will ever be as secure or prepared as it should be. Have you seen these morons holding up walls at the airport? I don't see them doing anything but standing there. They've got 47 employees per machine, but only 3 of them actually doing anything. The beauty of bureacracy is that 33 people can do what it would take one private sector employee
    • Actually, private sector airport security is where all this "anti-terrorism" business started to begin with. It's called "lowest cost bidder" contracting, and unfortunately the DHS (and the Dubya regime) has adopted it already for airport screening.

      The Dubya regime and the neo-con allies in Congress are hard at work making private contactor airport security a reality again. They decided (1) that they don't want 60,000 new Federal workers joining Federal unions, (2) that they can't do any better hiring se

  • "Should this agency strive to be good example for the rest of the country and protect against extreme hackers?"

    No. It's not their job. If the institution has to exist, it should outsource the IT stuff.

    When they founded the US government, they weren't trying to make a good example about computer security. They were trying to protect human rights. Let's stick to that. Everything else should be up to free enterprise.

  • As a rather well-known cyber-security consultant (you'd know my $450/hr name, I guarantee it) at Foundstone, I can tell you what the problem is - the lack of a comprehensive, rehearsed disaster recovery plan. It really isn't that hard, to implement it correctly, I always recommend this (clients are always amazed by its brilliance and simplicity) - every night, copy all of your company's critical data to a CD, and have EACH EMPLOYEE TAKE HOME A COPY.

    Bam - that pops, it sizzles, as we say in the consulting b
    • And here's my $14.72/hr advice:

      You're an idiot if you let your thousands of underlings each take home their own personal copy of the classified data that they work on.

      B

      • Actually, with the right encryption, it could work fairly well. Unrecoverable media failure (leaving the CD on a car dashboard) is mitigated by the huge redundancy.

        Of course, there's only so much a CD or even a DVD can hold, so only the smallest businesses could do this.

    • Comment removed based on user account deletion
  • That way, when a hacker trying to find a UFO cover-up stumbles across the treasure trove of smoking guns, the DHS can simply wipe their servers and say, "Due to lack of funding we were unable to afford back-ups. That's why, if you want to be safe, you need to give us more money." Thereby shifting the debate safely away from UFOs and back onto funding.

    Ideally they would be able to do a trade with those shifty HUD bastards whereby they trade funding for storage of embarrising documents;-)

  • This reminds me of a story... (Score:4, Funny)

    by Foolomon ( 855512 ) on Thursday June 09, 2005 @11:33AM (#12770205) Homepage
    This reminds me of a story. I once worked for a company that specialized in tape backup software, name withheld. (I worked on Long Island then, not the on the plains of CHEYENNE, so don't try to guess the name of the company.) A few months after I stopped working there, I received a phone call from my ex-manager that went something like this:

    Mgr: So how's it going? Blah blah blah...

    Me: It's fine. Blah blah blah...

    Mgr: So..um..did you ever "borrow" a copy of the source code to the Disaster Recovery solution that you single-handedly wrote? You know, for "posterity" reasons?

    Me: Of course I didn't. That wouldn't be ethical for sure and probably would be illegal. Why do you ask?

    Mgr: Well, it seems that the hard drive that your machine used crashed and we don't have a backup.

  • WTF? Backups and DR equate to 'security?' (Score:4, Insightful)

    by Mille Mots ( 865955 ) on Thursday June 09, 2005 @11:36AM (#12770233)
    From the title: Computer Security Lacking at Homeland Security

    From the summary (no, I'm not going to RTFA when the subject and summary are so far out of whack):

    Adequate backups were lacking for networks that ... in most cases failed to prepare sufficiently written disaster recovery plans that would ..."

    So, if I have valid backups of all the patient data here, I guess those HIPAA security requirements are met, eh? Or do I have to have valid backups and a DR plan to achieve 'computer security' nirvana?

    Now, if the issue were that their backup tapes were going offsite, unsecured and unencrypted, then the subject might make sense. But, this is silliness. Almost as silly as the DHS itself (hint: The Department of Homeland Security isn't supposed to keep the people safe from terrorists, it's supposed to keep the government safe...think about that one), but...whatever. (sigh)

  • DHS: (Score:1)

    by ohzero ( 525786 )
    1. The entire DHS electronic infrastructure buildout was outsourced to a private defense contractor at a fixed budget cost. Pretty clearly, when money runs out, compromises need to be made. Obviously, backups were one of those compromises. I can also guarantee you that you don't have top industry minds in the SOC at DHS, and this organization is going to need serious help over the next few years to remediate all the things that they're breaking "out of the gate." 2. The title "the world's best hacker" cou
  • Don't worry about it. As soon as any data appears on a DHS computer, someone will hack into it and copy the data to an offsite location...
  • Consider this flamebait if you wish, but that is how i see events from an european perspective.

    Since 9/11, the goverment of USA has been granted extra money, extra legal rights, extra measures and lives to defend against the 'terrorist threat'. I find it extremely ironic, let me tell you why.

    First, what did the government do in the last years to improve security? A lot of in-depth reports and analysis say that the results can be barely registered as an improvement, meanwhile being a major annoyance to t
    • More Government and More Laws (not to be confused with Moore's Law) never protected or "secured" anyone. Ever. Just look at Europe for example.

      No matter what the government (any government) does, it will not be to protect you, it will be to protect the government. Why do they ban firearms, yet the government has firearms.... is the government somehow more responsible than the individual? No.

      As a matter of fact the governments of the world have laws that make them exempt from being responsible for anyth

  • A standard example of the 3 biggest lies in the world.

    3. I promise not to come in your mouth
    2. The check is in the mail
    1. We're from the Government & we're here to help you
  • I'd say the DHS has much bigger problems [bbc.co.uk] on their hands.

  • Backup != Security (Score:1, Interesting)

    by Anonymous Coward
    " What do backups have to do with security? (Score:3, Insightful) by MythoBeast (54294) on Thursday June 09, @12:28PM (#12770125) ( http://www.mythologicalbeast.org/ [mythologicalbeast.org] | Last Journal: Monday September 08, @02:27PM) Since when does failing to back up your hard drive make your system easier to hack into? If you're talking about them having poor data integrity that's one thing, but this doesn't seem to point to poor computer security."

    No kidding. Backups in one hand, security in the other. I'm sure /. is ful
  • I think these government goon squads need an outside audit from someone in private industry. That would straighten their shit out.

  • "Government reported incompetent at everything, including invading other nations."

    Film at 11.
  • Over the past several IT workers (particularly at government installation) have been buried under a mountain of new security requirements and demands. Most of these, in my opinion, merely codify common sense into a few thousand pages of fluff that's outdated the day after it's written, which is seldom a problem because nobody reads it.

    So they don't have a written disaster recovery plan -- how terrible. I'm a DBA, and I have six or seven disaster recovery plans, all neatly typed, with lots of polysyllabic

Slashdot Top Deals

Life is a whim of several billion cells to be you for a while.

Close