800 Break-ins at Dept. of Homeland Security

WrongSizeGlass writes "Yahoo is reporting about the computer security nightmare going on at the Department of Homeland Security. Senior DHS officials admitted to Congress that over a two year period there were 800 hacker break-ins, virus outbreaks and in one instance, hacker tools for stealing passwords and other files were found on two internal Homeland Security computer systems. I guess it's true what they say ... a mechanic's car is always the last to get fixed."

I'll only say...

[damn_registrars]

That ending line is far too kind.

"a mechanic's car is always the last to get fixed" Assumes that the DHS is somehow competent to fix anything at all.

Re:I'll only say...

[Intron]

Never mind competent. What exactly do they do? I can understand the purpose of the FBI, CIA, NSA, Treasury, FDA, FAA and SEC in law enforcement. What does DHS do that isn't covered already? The only thing I can find is publishing the threat level (currently Yellow = Run and Hide, except the airline industry is at Orange = Don't Bring Juice). Does anyone pay attention to that?

Do we really need a whole beurocracy to make the various departments share information and cooperate with each other? Aren't they run by grownups?

Big assumption

[Tony]

I guess it's true what they say ... a mechanic's car is always the last to get fixed.

That's very true.

Especially when the mechanic is incompetent, and more interested in throwing around political weight than actually trying to accomplish anything useful.

One thing is for sure.

[AltGrendel]

The people that are smart enough to really do this IT stuff properly for the DHS are smart enough to earn more money elsewhere.

800 is a lot compared to who?

[jofny]

Point 1: Considering the complete inability of standard technical solutions to security problems to prevent a significant number of attacks/infections from being successful, this is not like the mechanics car getting fixed last. It's called "the security industry and standard methodologies continue their long history of consistent failure at organizations, both public and private"

Point 2: Those numbers are a completely meaningless abstraction without tying them back to type of attack, actual damage, importance of the data on those systems or their roles in launching further attacks, what kind of infections occurred and their damage potential, and finally what those numbers look like compared to other orgs of the same size.

Point 3: Homeland Security is comprised of multiple mostly-independant sub orgs (like Coast Guard, TSA, etc)....so..saying DHS had so many attacks is misleading without clarification

Point 4: Not saying theyre not making mistakes, just that those "facts" dont tell you either way what the actual state of things is.

Re:Homeland Security != Information Security

[eln]

DHS was created in response to the 9/11 attacks as a purely political move to make it look like we were serious about fighting terrorism. It created a huge bureaucracy, gave it an impossibly broad mandate, and made it more difficult for existing agencies (that were moved under DHS because they were at least tangentially related to protecting the country against various things) to do their jobs. As a result, the government is far less capable of intelligently defending against attack than it was before. It is only capable of wildly overreacting to perceived threats (like someone slipping through airport security with 4 ounces of hand soap rather than the mandated maximum of 3), again so it can appear as if it is on top of things.

DHS was a bad idea that was implemented poorly out of a panicked need to do *something* following the attacks.

My computer is always the FIRST to get fixed.

[khasim]

Gotta agree with that. If they were competent, they'd have their own house in order.

Just as anyone here who's competent with a computer has their systems up-to-date and tuned.