Slashdot Mirror
Computer Security Lacking at Homeland Security
peter303 writes "The New York Times (reg. required) reports that computer backup procedures are woefully inadequate at 19 centers of the Department of Homeland Security. Should this agency strive to be good example for the rest of the country and protect against extreme hackers? " From the article: "Adequate backups were lacking for networks that screen airline passengers, that inspect goods moving across borders and that communicate with department employees and outside officials.
Those same agencies, the auditors found, have in most cases failed to prepare sufficiently written disaster recovery plans that would guide operations if a main office or computer system was knocked out."
It is wrong that they don't have backups. However a lot of this data is stuff that I want to be on a server that crashes hard, without backups. Preferably in such a way that even disaster recovery places can't get the data back.
Don't take this as flamebait but I have the feeling that nobody's really trying hard enough to protect us. We stand an hour longer in the security line just so that people can bring explosives through in their shoes? Now they make us take our shoes off. What if someone brings explosives through in their pants?
Same here...they pretend to try to catch terorists when in reality the next power failiure could knock the whole list out.
~Ilyanep
To get message, take amount of carrier pigeons at each stage mod 2. Then decode binary.
"I'm sorry, Sir, you can't board. Our screening system is down."
"I've got a ticket. I've shown you my papers. You (and every RFID hacker within 50 feet of my entire path through this airport) have scrutinized my RFID passport. I've given my decilitre of blood for biometric screening. The plane is about to close door and push off. I'm returning home after 18 months dodging RPGs and Kalashnikov fire in Bagdhad, and I'm still in uniform. And you're telling me I can't board because you can't be sure I'm actually not bin Laden in extremely clever disguise?"
"No, Sir, I'm telling you that you can't board. Our screening system is down."
"This is unacceptable. Who is your supervisor?"
"That is classified. Please wait here. [whispers into radio: "Got another Gitmo client for ya."]
Welcome to the Panopticon. Used to be a prison, now it's your home.
Basically the only people who want to hack homeland security computers would be terrorists.
...and UFO researchers. Don't forget UFO researchers.
;-)
Seriously, though, I'd tend to blame "hacking" like this on the intelligence and security services of foreign powers (and their domestic servants, etc) before I blamed terrorists. Terrorists tend to prefer, well, terror, preferably against a multitude of frightened civilians.
This is where the serious fun begins.
WTF are "Extreme hackers"?
People who crack Windows boxen while bungee jumping? Releasing IIS worms from a wi-fi enabled handheld in a canoe half-way down some whitewater rapids?
Or, y'know, just yet another pathetic attempt to make something fundamentally known and understood sound suddenly somehow exciting and dangerous?
Oh, and for reference? The "Extreme Hacker" your link's about was a 37 year-old script kiddie who Haxx0red Us government machines direct from his own home connection.
You couldn't get stupider (and less '1ee7) if you tried...
Everything in moderation, including moderation itself
Hey now, don't try and pressure them to reform. You know very well that if the Department of Homeland Security is forced to spend the resources to make its network more secure, the terrorists win. Do you really want the terrorists to win? Why do you hate America so much?
Sigur RÃs: I didn't know that Heaven had a rock band.
This reminds me of a story. I once worked for a company that specialized in tape backup software, name withheld. (I worked on Long Island then, not the on the plains of CHEYENNE, so don't try to guess the name of the company.) A few months after I stopped working there, I received a phone call from my ex-manager that went something like this:
Mgr: So how's it going? Blah blah blah...
Me: It's fine. Blah blah blah...
Mgr: So..um..did you ever "borrow" a copy of the source code to the Disaster Recovery solution that you single-handedly wrote? You know, for "posterity" reasons?
Me: Of course I didn't. That wouldn't be ethical for sure and probably would be illegal. Why do you ask?
Mgr: Well, it seems that the hard drive that your machine used crashed and we don't have a backup.
Yep. That's because no one is looking at the systems and processes with the intent of actually improving them.
Instead, we have knee-jerk reactions from people who do NOT understand security who attempt to compensate for previous attacks with new rules/regs.
And the "pretend" is the problem. That's exactly what they're doing. And they're hoping that the public will accept that as them actually doing something about the problem.
It's all about the public perception of the issue.
The same as it is in all aspects of politics.
As long as there isn't a power outage, they're doing a "good" job, as far as the public is concerned.
If there is a power outage, then it comes down to whom they can blame.
It's a lot easier and far more cost effective for the politicians to be re-active rather than pro-active.
Which is why security is NOT something that ANYONE should allow a politician to be involved in.
From the summary (no, I'm not going to RTFA when the subject and summary are so far out of whack):
Adequate backups were lacking for networks that ... in most cases failed to prepare sufficiently written disaster recovery plans that would ..."
So, if I have valid backups of all the patient data here, I guess those HIPAA security requirements are met, eh? Or do I have to have valid backups and a DR plan to achieve 'computer security' nirvana?
Now, if the issue were that their backup tapes were going offsite, unsecured and unencrypted, then the subject might make sense. But, this is silliness. Almost as silly as the DHS itself (hint: The Department of Homeland Security isn't supposed to keep the people safe from terrorists, it's supposed to keep the government safe...think about that one), but...whatever. (sigh)
Security? The same argument may be applied to politicians running the economy and creating legislation and regulations, too.
Perhaps we ought to look into education so our peasants aren't so damn gullible to the wiles of politicians.
"Provided by the management for your protection."