Slashdot Mirror


Report: US Government Worse Than All Major Industries On Cyber Security (reuters.com)

schwit1 quotes a report from Reuters: U.S. federal, state and local government agencies rank in last place in cyber security when compared against 17 major private industries, including transportation, retail and healthcare, according to a new report released Thursday. The analysis, from venture-backed security risk benchmarking startup SecurityScorecard, measured the relative security health of government and industries across 10 categories, including vulnerability to malware infections, exposure rates of passwords and susceptibility to social engineering, such as an employee using corporate account information on a public social network. Education, telecommunications and pharmaceutical industries also ranked low, the report found. Information services, construction, food and technology were among the top performers. And we are supposed to trust them with healthcare? This report comes after President Obama recently unveiled a commission of private, public and academic experts to bolster the U.S. cyber security sector.

10 of 124 comments

  1. Can we turn the hyperbole down to 10? by damn_registrars · · Score: 5, Insightful
    The line

    And we are supposed to trust them with healthcare?

    Is beyond absurd. Anyone who read the slightest bit of the Affordable Care Act knows that it does not put government in charge of health care. In fact, it did almost exactly the opposite of that and gave the insurance industry - which was already disgustingly powerful - even more power. The only function of healthcare.gov is to connect the (now obligate) consumer with a company who will sell them a policy.

    In other words the ACA is a license for the health insurance industry to print money. They quite nearly had it before, but now it has been fully formalized.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    1. Re: Can we turn the hyperbole down to 10? by damn_registrars · · Score: 5, Insightful

      It's that many Democrats want to give control of healthcare to the government.

      First of all, that is a pointless claim for several reasons. One, it is pointless because it won't happen. Two, it is a pointless claim because there are no democrats currently in Washington who are willing to propose anything that even slightly resembles an initiative to "give control of healthcare to the government".

      Second, what do you even mean by "give control of healthcare to the government"? Even the most socialized of all medical systems still give the physicians at least as much autonomy as our system does.

      In other words, you are just parroting standard slashdot conservative FUD.

      --
      Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    2. Re: Can we turn the hyperbole down to 10? by damn_registrars · · Score: 5, Interesting

      One, it is pointless because it won't happen. Two, it is a pointless claim because there are no democrats currently in Washington who are willing to propose anything that even slightly resembles an initiative to "give control of healthcare to the government".

      I have two words for you: "Bernie Sanders"

      So which do you understand less well then, healthcare control, or Bernie Sanders? Clearly you don't understand either very well that you try to place the two in the same boat.

      Let's establish an important fact here - especially since your comment is woefully lacking in facts. Single-payer health care does not mean the government tells your doctor what to do. It does not mean there is a bureaucrat in the office with you second guessing every decision your physician makes. What it does mean is that everyone has the same base level of care (which is currently a completely alien concept in the US) and the government sets the rates they will pay for certain things. You want other things? You can go buy them yourself.

      More to the point though, Sanders can't pull off single payer, at least not any time soon. If the DNC would allow him to be the nominee (which they won't) he would wipe the floor with any GOP candidate in the general election (as every single national poll from every single polling group or company has shown). However, President Sanders would still encounter too much GOP opposition in congress to pull off single payer. He can't make it happen simply as a product of his own will.

      The ACA is just the government doing what the government does best, fucking up

      The ACA is the largest corporate handout in the history of government, period. With the ACA the federal government gave the health insurance industry a license to print money and made us all obligate consumers of their shitty products.

      And no, this is about security, not physician choice

      Indeed the article here is about security. However in classic slashdot conservative spin, the editor here editorialized it into a baseless attack on the government. The government gets plenty wrong without people making shit up out of nothing.

      They also suck at bureaucracy

      I'm going to conclude from that statement that you don't actually know any health care providers first hand. Every provider in the US right now spends a huge chunk of their time dealing with bureaucracy. They mastered it in med school - if not sooner - and they face it nearly every hour of every day now as a provider.

      and also at not charging an arm and a leg for their services.

      If you would set down your kool-aid for a moment and think about this problem you would realize that the physicians have little to do with what is charged for their services. These rates are mostly set by the health insurance industry and various costs that come from dealing with them.

      --
      Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    3. Re: Can we turn the hyperbole down to 10? by damn_registrars · · Score: 2

      no democrats currently in Washington who are willing to propose anything that even slightly resembles an initiative to "give control of healthcare to the government"

      Yeah, there is.

      Government does not control healthcare for medicare patients. What it does do is set the prices that they will pay for services; doctors are free to accept or reject those (by accepting or rejecting medicare patients). If tomorrow morning we woke up and found that every person in the US was covered by medicare the government would still not be controlling healthcare, as people would still be free to pay out of pocket (for things that medicare didn't cover or for providers who don't want to accept medicare).

      but realistically what we have now isn't that great, either.

      What we have now is horse shit. I would rather have medicare. In 2010 congress gave the insurance industry a license to print money; the industry was already disgustingly powerful and they made them even more powerful. I would much rather take my chances on medicare.

      --
      Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    4. Re:Can we turn the hyperbole down to 10? by ole_timer · · Score: 2

      http://blog.chron.com/txpotoma... that picture says it all

      --
      nothing to see here - move along
  2. You want quality, you need to pay for it by Minupla · · Score: 4, Interesting

    ... And I'm not talking about writing large checks to companies that want to sell you something. They don't have your best interests at heart.

    The issue is that anytime Joe Q Public hears of government employees making 6 figures he goes ballistic. He does this without any thinking or research about what a comparative job in the private sector pays.

    People work in infosec in govt long enough to be attractive to $BigGovtContractor and then bail, get the real salary from the contractor and cash in. That's the game. There's probably a few honest folks who are trying to make things better, but they'll be undercut by the ones trying to give big sweet contracts to $BigGovtContractor in order to pad their parachute.

    If we want govt to be effective we have to stop losing our pressure valve because someone working for the government is making more than we do.

    And this is pretty much without respect to which country we're talking about. I'm not American but I work in infosec and I won't take a govt job here either. Tried it for like 6 months, saw the game and ran for private sector (no, not for $BigGovtContractor).

    I know, not what you want to hear, and I expect to get modded down, but sometimes the truth hurts :)

    Min

    --
    On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
  3. AstroTurf by Frosty+Piss · · Score: 4, Interesting

    I always look at "reports" like these with a very skeptical eye because usually they have been produced for some company looking for a contract. As a 20 year DoD employee, I can tell you that neither my SIPRNET nor NIPRNET has been owned by anyone. Except the Chinese, but that's normal, right?

    --
    If you want news from today, you have to come back tomorrow.
  4. Yes, we trust them with healthcare by Sir+Holo · · Score: 4, Interesting

    FT-Summary: And we are supposed to trust them with healthcare?

    The largest data-breach in American history was of Anthem(TM), a private health-insurance company.

  5. Public vs private by bestweasel · · Score: 2

    Aren't private entities more likely to keep data breaches quiet if they can, to avoid reputational damage or frightening the stockholders? They don't have to follow the same disclosure rules as the Government if personal data isn't involved and aren't necessarily subject to the same FoI laws.

  6. Re:Anyone get the actual report? by clovis · · Score: 2

    The Reuters article has a link to the actual report:
    http://info.securityscorecard....

    They have a form to fill out and they send a link to your email address for the download. No biggie there, we all have many addresses.
    But they also demand your phone number. I'm not giving anyone my real phone number, wtf, and why would they even ask?

    They haven't yet sent me a link.
    Anyone seen the report? I'm curious to know what their criteria for ranking were. And, considering that unauthorized penetration testing is kind of a no-no, I'm even more curious as to how they obtained their data.

    I poked around on their web site and stumbled across a scroll-up window link that downloaded the file directly, although the link did not say that.
    http://blog.securityscorecard....

    Some of their criteria make sense:
    "SecurityScorecard identifies potential vulnerabilities in network security by identifying open ports and examining whether or not an organization uses best practices such as staying up-to-date with current protocols, or securing network endpoints to ensure external access to internal systems are minimized."

    Some I wonder about. This sounds like a process that would depend upon luck. I don't see how an even-handed comparison of many sites could be done.
    "To evaluate if malware is active in a system, SecurityScorecard reverse engineers the source code of an infection and determines how the malware communicates back to its command and control servers. Researchers can then intercept the communication, which can be traced back to an IP address from which it’s emanating, indicating an infected network."

    And then there's things like this:
    "SecurityScorecard identifies multiple factors related to social engineering such as employees using corporate account information in social networks, employees exposing an organization to phishing attacks and spam, and employees posting negative reviews of the business to social platforms."

    Their scoring is opaque. They have like 10 items they grade on and they provide an aggregate score. You don't know if they got dinged because employees are griping on Facebook, or if it's because they're running Windows NT on their web servers.