Slashdot Mirror

← Back to Stories (view on slashdot.org)

DHS CyberSecurity Misses 1085 Holes On Own Network

Posted by CmdrTaco on from the do-as-i-say dept.

Tootech writes "In a case of 'physician, heal thyself,' the agency — which forms the operational arm of DHS's National Cyber Security Division, or NCSD — failed to keep its own systems up to date with the latest software patches. Auditors working for the DHS inspector general ran a sweep of US-CERT using the vulnerability scanner Nessus and turned up 1,085 instances of 202 high-risk security holes. 'The majority of the high-risk vulnerabilities involved application and operating system and security software patches that had not been deployed on computer systems located in Virginia,' reads the report from assistant inspector general Frank Deffer."

2 of 86 comments (clear)

  1. Re:no this is what you get with outsourced IT VA by erroneus · · Score: 5, Informative

    This is exactly correct. They would rather hire contractors who CLAIM they will do things so that they can fire them later when they don't do it. If they actually hire good people, they have additional egg on their faces when things don't go right and the blame game is even harder to sort out. This is all about blame shifting and the appearance of easy "correction." Having worked for DHS for a couple of years, I saw a lot of rather disgusting and disturbing things about the way they hire contractors and then don't oversee their activities. When security screeners were being hired, I witnessed an 18 year old girl being hired as a supervisor and this was her VERY FIRST JOB. She had absolutely zero employment experience and was hired on in a leadership role. Nothing explains this adequately. They had contractors doing the hiring and staffing for that operation and it didn't work out so well. I heard that somewhere between 20 and 25% of the people initially hired didn't pass the background check and were subsequently let go more than a year later so I got to see the process repeat itself AGAIN where they used contractors to do another round of mass hiring and staffing. They never learn.

  2. Re:Idiots by mcgrew · · Score: 5, Insightful

    No, its that DHS has nothing to do with true security. Their job is security theater, as evidenced at any airport. The Armed Forces and National Guard are there for the real security.

    DHS is a waste of good tax money. It should be spent on infrastructure.

    --
    Free Martian Whores!