Slashdot Mirror


U.S. Gov't Sponsors InfoSec Defense Training

Anomolous Cow Herd writes: "CNN is reporting that the U.S. government is awarding scholarships to a select few computer science students to study information security, with the caveat that they must agree to work for a government agency for at least two years afterwards. This is in response to the general state of paranoia that has ensued since 9/11, with 'cybersecurity' as a high priority. Considering that a vast majority of government agencies run on Windows NT and derivatives, it's no wonder that they consider the eventual graduating class of 180 'doesn't have a chance.'"

3 of 115 comments

  1. Motivation by _Sprocket_ · · Score: 5, Interesting
    Oddly enough the submission reads:

    This is in response to the general state of paranoia that has ensued since 9/11, with 'cybersecurity' as a high priority.

    While the VERY FIRST PARAGRAPH of the article reads:

    Long before September 11 and last year's virus-like attacks over the Internet, the United States government announced plans to train an elite corps of computer security experts to guard against cyberterrorism.

    Ya know what? Other than putting some additional paranoia in the public (and management) mind, infosec has little to do with terrorism. Sure, the politicians like to run around screaming "digital Pearl Harbor". But the general state of most organizations' infosec stance has been in shambles well before 9/11. And those vulnerabilities mean that these organizations are much more likely to be attacked by a random attack-of-opportunity than a coordinated terrorist activity.


    And that includes the US Government. It might go especially for the US Government where "security" is usually dealt with a Cold War mentality. One that has little to do with the current state of information security. Instead, government agencies tend to rely heavily on prosecution (which kicks in well after the damage has been done). Change to this mindset is hampered by limited budgets which make hiring experts (or retaining anyone with the appropriate skillset) difficult. A couple years ago, the FBI even complained to Congress that they could not attract experts in the field due to their uncompetitive pay.


    So to wrap it all up. Government computer systems tend to make surprisingly easy targets. This program is part of the awakening and catch-up the government is undergoing on this issue. It has very little to do with terrorism and 9/11. And even the very article referred to states that.

  2. Re:Bash boy, bash by Biolo · · Score: 4, Interesting

    The difference is that all of the Linux/BSD exploits are out in the open, and a large percentage come from people looking at the source code and going "oops!".

    Whilst I know the "many-eyes" theory isn't as good as many people think, I'm sure that the average line of code in an open source app gets more eye time than the average line of code in a proprietary, closed source one, so we find a higher percentage of our security problems. Now, just what percentage of security issues do you think that Microsoft et al. actually openly admit to? I don't think there have been more than a couple of occasions where Microsoft has said, without someone sticking the proverbial gun in their back, hey - security issue, we fess up, come and get the fix. Do you believe they don't find many more? Sure they do, they either just ignore them or quietly fix them and slip it in a service pack.

    Quite clearly you can't compare the numbers just by taking them at face value. Filter out all those with "theoretical exploits" for a start. Next, take out all the duplicates - a patch released by RedHat may be for an identical issue to one released by SuSE and Mandrake - how many times did you count it? One? Three? Or do you just look at one distro? Which one? The one with the most patches - maybe they're really good at looking for problems and putting out fixes, on the other hand maybe they really screwed up the original release. The one with the least patches? Probably not paying attention.

    Now a more interesting exercise would be to have a couple of groups of security experts sit down for a few months with the complete source of a recent Linux system and that of WinXP and tot up the number of security issues they can come up with. How about an independent study, draw up a set of rules, have MS put up 50% of the money and one (or more) Linux companies put up the other 50.

    --
    Stealing a rhinoceros should not be attempted lightly.
  3. Re:Working for the government? by goldspider · · Score: 5, Interesting
    I really hate to feed a troll, but I suspect a lot of people here might actually believe the subject line of the parent.

    I work for the government, and in these times when the economy is still on shaky ground, the job security alone was enough to get me to take the position.

    The fact is that IT positions in the government actually pay quite well. Considering the area I live in, my starting salary was quite competitive with what the private sector was willing to pay. Not to mention the famous government benefits packages.

    The U.S. government does indeed have a lot of NT servers. The Powers That Be (TM) understand the vulnerability, and apparently are willing to pay handsomely to fix it. In a time of a job market that's uncertain at best, I can think of worse situations than a free education and a 2-yr. job guarantee.

    --
    "Ask not what your country can do for you." --John F. Kennedy