Computer Security Lacking at Homeland Security
peter303 writes "The New York Times (reg. required) reports that computer backup procedures are woefully inadequate at 19 centers of the Department of Homeland Security. Should this agency strive to be a good example for the rest of the country and protect against extreme hackers?" From the article: "Adequate backups were lacking for networks that screen airline passengers, that inspect goods moving across borders and that communicate with department employees and outside officials.
Those same agencies, the auditors found, have in most cases failed to prepare sufficiently written disaster recovery plans that would guide operations if a main office or computer system was knocked out."
Oh what a delicious irony. Insecurity and the Dept of Security.
The days of the digital watch are numbered.
... for every little thing we want to read.... User ID: slashdotreader Password: slashdot
There's no place like localhost
It is wrong that they don't have backups. However a lot of this data is stuff that I want to be on a server that crashes hard, without backups. Preferably in such a way that even disaster recovery places can't get the data back.
If they can trace down who's hacking them, they deserve stiff jail time. Anyone who attempts to hack homeland security computers knows that they're going to get serious jail time. Basically the only people who want to hack homeland security computers would be terrorists.
God spoke to me.
Don't take this as flamebait but I have the feeling that nobody's really trying hard enough to protect us. We stand an hour longer in the security line just so that people can bring explosives through in their shoes? Now they make us take our shoes off. What if someone brings explosives through in their pants?
Same here...they pretend to try to catch terrorists when in reality the next power failure could knock the whole list out.
~Ilyanep
To get message, take amount of carrier pigeons at each stage mod 2. Then decode binary.
It's easy to pick holes in the lack of backup of a system, but it's pointless when the system has no utility to begin with.
DHS has computer problems, sure, but the agency as a whole is a misguided waste of resources. It's probably better that its computer systems don't work, otherwise they'd figure out a way to stop Ted Kennedy from driving or using an elevator in addition to not flying.
"I'm sorry, Sir, you can't board. Our screening system is down."
"I've got a ticket. I've shown you my papers. You (and every RFID hacker within 50 feet of my entire path through this airport) have scrutinized my RFID passport. I've given my decilitre of blood for biometric screening. The plane is about to close door and push off. I'm returning home after 18 months dodging RPGs and Kalashnikov fire in Baghdad, and I'm still in uniform. And you're telling me I can't board because you can't be sure I'm actually not bin Laden in extremely clever disguise?"
"No, Sir, I'm telling you that you can't board. Our screening system is down."
"This is unacceptable. Who is your supervisor?"
"That is classified. Please wait here." [whispers into radio: "Got another Gitmo client for ya."]
Welcome to the Panopticon. Used to be a prison, now it's your home.
This is very interesting news after Bush just got done saying how great the new patriot act is. It looks to me that our own security got lost while we were busy questioning the integrity of others. Between the roving wire-taps and the judge-less warrants, I think I deserve to know that the people taking away my information can keep it safe from others who would want to take it away.
Keep the faith, share the code
Since when does failing to back up your hard drive make your system easier to hack into? If you're talking about them having poor data integrity that's one thing, but this doesn't seem to point to poor computer security.
Wake up - the future is arriving faster than you think.
WTF are "Extreme hackers"?
People who crack Windows boxen while bungee jumping? Releasing IIS worms from a wi-fi enabled handheld in a canoe half-way down some whitewater rapids?
Or, y'know, just yet another pathetic attempt to make something fundamentally known and understood sound suddenly somehow exciting and dangerous?
Oh, and for reference? The "Extreme Hacker" your link's about was a 37 year-old script kiddie who Haxx0red US government machines direct from his own home connection.
You couldn't get stupider (and less '1ee7) if you tried...
Everything in moderation, including moderation itself
If the general public, especially computer nerds, say "eh, what's new" then no one else is going to bother, coz the general public doesn't even realize they have to bother.
I know I am going into a ramble mode but for God's sake their only job is security and they fuck it up royally and blame terrorists.
Come on.
Is anyone really surprised that the Bush administration has done nothing significant right in the War on Terror?
The agencies still can't communicate, they're security holes in themselves, our resources are diverted to a fanatical war in Iraq that has nothing to do with terror in America, and we find that the greatest threat to the safety of Americans today is the lies the President told or ordered to be told in order to get 1500 kids killed in a place he admits we had no pressing reason to attack.
This isn't a troll. It's a list of the facts. Anyone disagreeing can disagree, but will be fighting the truth. Consider that before posting political dogma.
This reminds me of a story. I once worked for a company that specialized in tape backup software, name withheld. (I worked on Long Island then, not on the plains of CHEYENNE, so don't try to guess the name of the company.) A few months after I stopped working there, I received a phone call from my ex-manager that went something like this:
Mgr: So how's it going? Blah blah blah...
Me: It's fine. Blah blah blah...
Mgr: So..um..did you ever "borrow" a copy of the source code to the Disaster Recovery solution that you single-handedly wrote? You know, for "posterity" reasons?
Me: Of course I didn't. That wouldn't be ethical for sure and probably would be illegal. Why do you ask?
Mgr: Well, it seems that the hard drive that your machine used crashed and we don't have a backup.
Yep. That's because no one is looking at the systems and processes with the intent of actually improving them.
Instead, we have knee-jerk reactions from people who do NOT understand security who attempt to compensate for previous attacks with new rules/regs.
And the "pretend" is the problem. That's exactly what they're doing. And they're hoping that the public will accept that as them actually doing something about the problem.
It's all about the public perception of the issue.
The same as it is in all aspects of politics.
As long as there isn't a power outage, they're doing a "good" job, as far as the public is concerned.
If there is a power outage, then it comes down to whom they can blame.
It's a lot easier and far more cost effective for the politicians to be re-active rather than pro-active.
Which is why security is NOT something that ANYONE should allow a politician to be involved in.
From the summary (no, I'm not going to RTFA when the subject and summary are so far out of whack):
"Adequate backups were lacking for networks that ... in most cases failed to prepare sufficiently written disaster recovery plans that would ..."
So, if I have valid backups of all the patient data here, I guess those HIPAA security requirements are met, eh? Or do I have to have valid backups and a DR plan to achieve 'computer security' nirvana?
Now, if the issue were that their backup tapes were going offsite, unsecured and unencrypted, then the subject might make sense. But, this is silliness. Almost as silly as the DHS itself (hint: The Department of Homeland Security isn't supposed to keep the people safe from terrorists, it's supposed to keep the government safe...think about that one), but...whatever. (sigh)
Governments are hopeless at dealing with security. They are slow, lack innovative thinking and care more for their own careers than for their constituents. What matters most is whether or not you can protect yourself, your assets and your family when (if) the time comes. Then you can rid your mind of all the political and media led one-upmanship that comes along with security and the war on terrorism and get more important things done in life.
Backups are part of an overall security strategy, comprising, to use a well-worn phrase, confidentiality, integrity and availability. In a broad sense, you can apply this to DHS' "mission" (such as it is) as well. And yes, a DR plan, especially for an organization which is supposedly so "critical" to the nation's safety, is part of the whole shebang.
What's this have to do with HIPAA?
Cole's Law: Thinly sliced cabbage
No matter what the government (any government) does, it will not be to protect you, it will be to protect the government. Why do they ban firearms, yet the government has firearms.... is the government somehow more responsible than the individual? No.
As a matter of fact the governments of the world have laws that make them exempt from being responsible for anything.
From a global perspective, law abiding and responsible humans are screwed. As Geryon would say "I think the end of the world must be getting near. Hell is getting full."
"It's too bad she won't live, but then again who does?" - Gaff
Security? The same argument may be applied to politicians running the economy and creating legislation and regulations, too.
Perhaps we ought to look into education so our peasants aren't so damn gullible to the wiles of politicians.
"Provided by the management for your protection."
However, if members of the military were given special treatment at the border, it would create a rather obvious security hole ... I don't think it's a good thing to hassle members of the military on the way home, but if we're truly interested in securing the borders, it's necessary.
I'm not talking about special treatment nor do I think hassling members of the military is necessary. I suppose it comes down to the fact that I don't think anybody should be treated like that.
The real problem I have is that "homeland security" has decided that the idea of probable cause is unfashionable in this "terrorist" riddled day and age. I will grant the procedure searching my luggage and my person for prohibited items at a security checkpoint. If I am not carrying any prohibited items, not doing anything illegal at the time, and if I am not acting in a clearly suspicious fashion, then airport security should have no probable cause to detain me.
The military of all groups is security conscious. Servicemembers traveling on orders these days have multiple ways to authenticate who they are and account for their actions (we are required to carry official copies of our orders when we travel). If the military trusts these documents enough for their own security purposes, then airport security should, too. Otherwise, the whole trust metric breaks down.
Basically, if I show up at the security checkpoint with my military ID and orders, once I have been physically checked, why should they have any further need to detain or check me? Members of the military might not warrant special treatment but like it or not we are held to a different standard. If "homeland security" ignores that standard, then they're saying that it is as much as worthless, which is yet another slap in the face.