U.S. Cybersecurity Not So Secure?

freaktheclown writes "According to CNet, 'government auditors have been saying that Homeland Security has failed to live up to its cybersecurity responsibilities and may be 'unprepared' for emergencies.'" The article discusses FEMA's handling of relief efforts for hurricane Katrina and how a very similar situation exists with electronic security measures in the U.S. In addition to a conjecture the department of cybersecurity has been "plagued by a series of damning reports, accusations of bureaucratic bungling, and a rapid exodus of senior staff that's worrying experts and industry groups."

That's what happens when unqualified people..

[CyricZ]

... are given jobs because of their political affiliations.

Yes, unqualified people performing serious jobs leads to nothing but problems.

Re:That's what happens when unqualified people..

[clambake]

Yes, unqualified people performing serious jobs leads to nothing but problems.

Careful now, that sounds a bit like TERRORIST talk to me...

Re:That's what happens when unqualified people..

I think that attitude is part of the problem. The initial post laments:

..accusations of bureaucratic bungling, and a rapid exodus of senior staff that's worrying...

I think those things are very intertwined. Whenever there is a governmental mistake, or failure to accurately foresee the future, accusations start flying. The media Queen of hearts shouts at everyone, "Off with their heads". No wonder there's an exodus of senior staff.
Help Wanted:Anyone want to fill the 'scapegoat' position? I didn't think so.

Re:That's what happens when unqualified people..

[Tackhead]

> ... are given jobs because of their political affiliations.
>
> Yes, unqualified people performing serious jobs leads to nothing but problems.

You miss the point. The purpose of cycling senior people through the bureaucracy isn't because the bureaucracy's ineffective, it's because it's the gateway to a consluting career with the bureaucracy. That's how the Aristocracy of Pull works, and it works the same way whether the Jackasses or the Elephants are in charge. (The only catch is that you can only pull fellow Jackasses (or Elephants) through the door -- and because your tribal totem isn't going to be in charge forever, whenever your gang's in charge, you're obliged to bring the maximum number of fellow gang members through the door as possible during your time in charge.)

To recap:

1) Cultivate enough pull to get a cushy appointment.
2) As a courtesy to the last guy to hold your post, hire him as a conslutant at double his previous pay.
3) Continue to ineffective -- preferably so ineffective that you have a good excuse to resign in "disgrace" within a year or so. This frees up the slot so your boss can reward another guy with pull.
4) Get hired by the new guy at half the political liability to your friends, and at double the pay.
5) PROFIT!

The less effective the bureaucracy, the more people can be run through the revolving door during the course of a given administration, and the more taxpayer dollars can be looted in the process. And because pull is proportional to dollars looted, the system creates its own incentive. Launder, rinse, repeat.

Re:That's what happens when unqualified people..

[CyricZ]

The media Queen of hearts shouts at everyone, "Off with their heads". No wonder there's an exodus of senior staff.

Except in the United States the media does not seriously question the government. That is why the Bush administration was able to preside over several of the worst incidents in American history, and have emerged basically unscathed.

Re:That's what happens when unqualified people..

[bakes]

the gateway to a consluting career

This is one of the most insightful typos I've seen on slashdot.

Re:That's what happens when unqualified people..

[Pig+Hogger]

the gateway to a consluting career

This is one of the most insightful typos I've seen on slashdot.

It's even funnier when you know that in french, "con" means "cunt" (both as in "vagina" and "stupid")

Re:That's what happens when unqualified people..

First:
I find it amusing that the Right Wingers out there have latched on to this mantra of "Democrats believe the Bush caused Katrina, what idiots".. I couldn't figure it out at first and then I realized that this was an unclever ploy to make Liberals look stupid somehow.. except that I couldn't find any Liberals actually ever even IMPLYING Bush was responsible for "causing" Katrina..

What Liberals were saying (right or wrong) is that it wasn't handled appropriately and Bush even agreed and took responsibility for this.

So please do yourself a favor and stop regurgitating whatever Fox News feeds you. (the origins that Democrats were even suggesting that came from Ben Stein http://www.snopes.com/katrina/soapbox/benstein.asp )

Let's see you like to talk a lot of officially approved Right Wing propaganda, but who had the highest death toll from Katrina? .. Which State? I'll help you out.. Starts with an L and ends with an A.
Here's a little link for your narrow mind.. Please click on it, it will help to educate you:
http://www.chron.com/cs/CDA/ssistory.mpl/nation/33 87284

Let's see Louisiana had 1003 dead, Missisippi which you claim was hit the hardest only had 221 people dead.. Let's see I guess math escapes you, that's almost 5 times as many dead in Lousiana.

Maybe you should get your facts straight and do a little bit of research from alternative news sources before you go off spouting the misinformed Fox News spinning of the facts.

Re:That's what happens when unqualified people..

[Doc+Ruby]

If the media weren't in Bush's pocket, the departure in disgust of every "cybersecurity czar" we've had (all under Bush) would be a running story about how we're begging to get hit. We pay taxes to a government we elected to protect us from threats, and those responsible for the cyber department won't accept liability for their useless department. That's not "scapegoating". If the department were competent, there wouldn't be any need to scapegoat anyone. Anyone watching their counterparts across DHS leave thousands to die in the wake of Katrina can tell that we're paying fools to pretend to protect us. And if reporters were more competent than these DHS personnel they cover for, it wouldn't take Katrina to show how screwed we all are.

Re:That's what happens when unqualified people..

[NMerriam]

Whenever there is a governmental mistake, or failure to accurately foresee the future, accusations start flying. The media Queen of hearts shouts at everyone, "Off with their heads". No wonder there's an exodus of senior staff.

But that's not what happens -- the media doesn't scapegoat invisible public service employees who've been dutifully showing up doing their job every day for 30 years. Those employees make it through scandals in administration after administration, because everyone knows the agency will not function without them -- ocassionally one may be scapegoated internally, but they don't have any "sex appeal" to the media.

This recent wave IS very different, because it is one of the first times that these guys do seem to be resigning in large numbers -- not because of "media pressure" (the media doesn't even know who these guys are), but because of inept cronies being put in place above them, and then the cronies not being smart enough to realize the career professionals should be running the show.

That's exactly what is happening with the CIA right now, where guys who have happily served both Republican and Democratic administrations for decades are suddenly being dictated to on how to perform their jobs by people who are barely qualified to operate the paper shredder.

"The Media" isn't pushing out the senior CIA officials, the Bush administration is, the same way they pushed Whitman out of the EPA (I mean, geez, the Republican governor of New Jersey is "too liberal" on the environment? Reality check! That's as crazy as suggesting a quadrupegic veteran isn't patriotic!)

Security Through Obscurity is my motto

[Average_Joe_Sixpack]

I keep all my usernames/passwords on a Geocities hosted site.

Re:Security Through Obscurity is my motto

[heavy+snowfall]

I keep all my backups as encrypted files named hot_nude.avi on kazaa.

--
Use your bluetooth phone as a modem for Linux

The root cause?

[clevershark]

Well duh, it's hardly surprising, when everything's considered.

How important is it REALLY?

[plover]

Seriously, the intarweb has been little more than a stew of viruses, zombies and DOS attacks for years now. Yet we all manage to show up and do our jobs. How bad could a "cyberattack" really be, if we're living through the current levels of crap?

And what good is a "federal overseer" when they have no jurisdiction over half of the network?

I say that we're no worse off for not having a top-dog. It's a meaningless, ineffective position. Why spend the money on it, much less promote the position to a direct report under the DIRHSA?

the ownership vs. threat info gap

[G4from128k]

One core problem is that the people that regulate cybersecurity don't own the infrastructure. This means they have little hope of understanding how real-world privately-owned (and vulnerable) networks operate. The flip side is that the government people that might have intelligence data on cybersecurity threats won't share that info with the people that actually own and operate the networks.

One group (govt) may understand the threat, but is clueless on the operations side. The other group (owers) don't have the classified intelligence data on the threat, but do know the operations side of the network.

Until the two sides share both info and operations knowledge, cybersecurity isn't possible.

Who wants a top-down solution anyway?

[Quadraginta]

Goodness, who wants the Federal government to be responsible for general IT security in this country? I mean, let's just think carefully through the kind of power over the network they'd need (or say they need) to be given to achieve it.

Brrr.

DHS bit off more than they can chew

[KerberosKing]

All year long, they have had no one at the helm for cybersecurity. It shouldn't surprise anyone. Let's take a job that many different agencies struggled to keep up with before, then add the requirement that they all reorganize into DHS, where instead of computer security being their number one focus, it is one of many concerns. I would bet the funding for DHS compsec is less than the total spent by the seperate agency committees. There is only so much you can save by pooling resources, and I would agrue it gets lost when you have to compete for attention with WMDs, IEDs and other serious physical security threats.

A history of unfavorable gov't security reports

[sczimme]

Much of the Federal government has a sub-optimal track record in the security arena. In March of 2004 Rick Forno published an article (with links) that summarized Uncle Sam's security issues:

The farce of federal cybersecurity

(That's the title Rick used, btw.)

That was known years ago.

[khasim]

There was a plot to fly a plane into the Eiffel Tower. We've known planes were considered as weapons for years.

But planes are physical objects. They cause physical damage. Normal, healthy people can be killed from physical damage.

What's the very worst that can happen if the Internet goes down?

That's not a rhetorical question. Think of the worst situation you can and then think of whether it would be better/safer to not have the Internet connected to whatever it is. Nuclear plant cyber-attack? Why have them on the 'net in the first place? Dam flooding a town? Same thing.

The first thing any "cybersecurity czar" should be doing is making sure that the potential for damage is reduced.

If the worst thing that they can do is to steal your identify and money online, then you're "safe" in that it won't kill you or physically cripple you.

But that takes thought and expertise in evaluating the real threat.

Re:culture of corruption == incompetence

[opencity]

>While I do agree that Bush is the poster boy for corruptness, dont forget that both parties are a bunch of corrupt criminals.

I'm a lesser evilist. No love for the DLC, but they are significantly easier on the long term health of the country and the standard of living of the lower income 99% of the population. Pop quiz: Who balanced the Federal budget and in what year? Question 2: Under which post WWII administration was the most national debt accumulated?

> Do yourself a favor and stop being an idealogue.

Why stop being an idealogue? I don't blindly accept dishwater corporate Democratic party me-to-ism, kneejerk lefty utopianism, sectarian rightwing culture warring or highschool libertarianism.

So if I complain about Clinton cheating on his wife I'm a patriot, if I complain about out of control cronyism or Haliburton overchages I'm (supporting the terrorists) an idealogue? The 'conservative' movement since Ronald Reagan is completely morally bankrupt (and not very conservative except socially).

> I give this post a 2/10 on the troll factor.

It's a start. I'll try harder next time. Why did the Bush dig get on your nerves? You vote for that idiot and the continued looting of the US and now have buyer remorse? Or should we stick to tech here in which case I USE FLASH (let the flame war begin)

Re:Homeland Non-Security

[sinewalker]

Actually I would say that Homeland Security is all about enforcing the US Government's control over it's own people, and a prime example of the Freedom that most US Citizens NO LONGER HAVE. Witness:

* The DMCA
* The PATRIOT act
* The increasing biocontrols at air and sea ports
* Mandatory fingerprints for all US citizens entering or leaving the country
* The scary ability that US police shows portray of any US citizen being seconds away from a database search, and the apparent acceptance by Hollywood that this is normal and good
* Unjustified arrests of Americans at protests
* Unexplained (and probably unjust) deportations of Americans from other countries, for apparent civil disobedience.

Homeland Security has done nothing about the safety of US Citizens because it is not really about that (that's just the excuse). It is in response to terrorism launched by naturalised americans against America.

I am not an American. I am living in a country that also enjoys the same Freedom by Constitutional right that Americans worship, only for Australia it was done without a war and without ammendments. I feel sorry for Americans as I watch their freedom being erroded by a runaway dictator president who was not even elected by the People of America. I feel shocked that so many Americans feel that they are still "the land of the free". And I watch in horror as my own country follows that same path.