U.S. Cybersecurity Report Available

Kaelem writes "Kevin Rose put up a copy of the report Cybersecurity for the Homeland (pdf), due to be released tomorrow. It talks about some interesting things, like expanding the US-CERT website as well as funding for colleges to develop cybersecurity curriculum."

Which department?

[wcitechnologies]

More like from the U.S. Depeartment Of We're Not Going To Tell You Anything You Didn't Already Know About Security

Re:Which department?

[canuck57]

More like from the U.S. Depeartment Of We're Not Going To Tell You Anything You Didn't Already Know About Security

No one cares about security until they get burned. Once burned the battle cry goes for awhile and fizzles as most don't give a rats ass about security beyond looking politically correct. It is why so many sites and users get hacked.

And here is a hint, most get hacked from the inside out, that is - some twit loads a spyware or malicious program and claims ignorance when it happens. More like carelessness but management often overlooks it.

Safe computing is like safe sex, use some precaution and don't be a slut and download everything you can click on.

Wide range of topics ...

[ProfaneBaby]

They're definitely focusing on a wide range ... something I didn't expect to see in the report was the DDoS / zombie bot armies:

Just as 1920s gangsters evolved into organized crime syndicates, a sophisticated command and control network is emerging within the Internet with agreed-upon boundaries of control and "gangs" working for a "boss." These modern criminals and terrorists often don't know or meet the crews who carry out the actual cyber attacks, making it even more difficult to track and prosecute them.

Definitely something worth investigating, just wondering what a few billion in research dollars is going to reveal - hopefully more than "it's a problem that's difficult to fix" report.

Yes, there are programs

[dexterpexter]

The National Science Foundation (NSF) and the Department of Defense (DoD) already sponsor Scholarship For Service (SFS) programs like the Cyber Corps to train students in aspects of cyber security with the intention of placing them in government information assurance positions.

And many colleges are developing Centers for Information Security (CIS), and among those, that is where you see the government encouraging these programs.

The tag line, I believe, is "Defending America's Cyberspace."

More information on the SFS program can be found here:
http://www.sfs.opm.gov/ScholarshipMain.asp

I doubt that.

[dexterpexter]

Really? As someone who just finished studying and reading the CERT guide for System Administration and Accreditation (yes, it was torture), I find that most system administrators do not know the principles within, or recklessly choose to disregard some of the most helpful ones. Many system administrators are seat-of-the-pants, self-taught individuals who learn along the way as issues come up, and sometimes miss some of the fine points of securing a system. A lot of admins push large upgrades on production systems, or use test systems still connected to the main network (the recent 60,000 computer fiasco reported in /. is a good example), don't practice isolation, choose their products on budget or because of a last minute need (although sometimes this is unavoidable), do not configure firewalls correctly, do not lock down their systems tightly, etc. Sometimes they do everything they should, but out of order. A lot of people don't realize the importance of order in bringing systems online. Many times, these are on critical systems or systems which contain confidential information. Customer information is put at risk, simply because the administrators do not know any better.
A lot of companies hire admins who are actually unqualified, but who can do a "good enough" job because they don't understand what to look for in an admin.
Not all admins are this way, but a suprising number of them are.

If admins out there honestly knew everything there was to know about security, and administer their system to the CERT guide specs, then I would be impressed. Because my experience in observing everything from large university systems, health care systems, tag agency (all-you-need-for-identity-theft-agencies, more appropriately) systems, corporate systems (credit card information and personal information), is that this simply isn't so.
A lot of penetration testing reveals vulnerabilities in areas that are clearly stated in that CERT guide.

Are our lives really changed?

[joeljones]

Am I the only person who is tired of the rhetoric "Since September 11th, each and every American's life has changed"? For those outside of the goverment, and particularly the military, has it really? Certainly we have mangled the Bill of Rights beyond recognition, but am I the only one whose reaction to the 2nd attack on the WTC was "well, it finally happened?" And the notion that using commercial airliners as weapons was unthought of? Given that Tom Clancy is a best selling author, the odds that no one in our security infrastructure read about that scenario is close to zero.

Re:Are our lives really changed?

[dave420]

Seeing as the pentagon was having drills for what to do should airliners be used as weapons against them, and the previous G8 meeting earlier in the year when anti-aircraft armaments were deployed, to defend against rogue aircraft, their claim they didn't know about airplanes==weapons is just pathetic lying.

For a country that loves democracy so much, America doesn't seem to give a flying shit when their politicians lie. Unless it's about a blowjob, in which case it's TREASON, I tells ya! TREASON!

Sort it out, America. It's time for torches and pitchforks, and a nice stoll down to Washington DC... Unless you do that, the rest of the world will simply look on and laugh at the mess you've got yourself in ;)