This reminds me of the McCarthy witch hunts, and I'm praying that someone will stand up and say so LOUDLY! Going after the Twitter traffic is only intimidation and not going to find anything substantial.
Someone please tell the Attorney General to pack sand on this one!
I'm saddened that the probable leak violated the trust placed in him when he was given a security clearance (and access), but I also empathize that he acted out of conscience. Pentagon Papers, part 2.
I remember when MP3 players showed up in lecture halls, and a posse' of students had to coerce a loud-listener to shut it off or leave. Cell phones and laptops were quick to follow...
Regrettably, the public abuse of technology is epidemic, and the kids are a reflection of their doltish parents.
So, yes, exile the toys and distractions to the dorms, and preserve the lecture halls for learning.
Thin is a relative term, and bandwidth was a serious problem with the organization that I used to work for. We were spread out all over the place, and many of our platforms were mobile. The thick client only had to move the data, but the thin clients were fussy about the pipes.
So, speaking for one user, thin only worked well when I had a fat pipe.
My family lives in a very remote area of Pennsylvania and connect via a satellite link. Non of my neighbors care to spend that kind of money for something they have relatively little use for. Dial-up barely hits 22k because of poor phone lines.
Instead, they get their news from the radio (wireless!), paper, and face-to-face conversation with friends and neighbors (social networking). As much as I love the Internet, it's a tool and not a solution. I still send my wife love notes by mail (stamp upside down) and look forward to the same from her.
Not Luddites, just reasonable people that don't waste money on something that they don't need and doesn't enrich their lives.
ay
I really like this question. I kind of think that they took it rather than were assigned it. Honestly, unless there is some bizarre mobility or expeditionary requirement for these folks, I don't see the need to put them in uniforms.
posse comitatus i probably going to tie them up a bit, and NSA or DISA has the talent already in place. I'm thinking this is a DNI thing myself...
Hoping for a meaningful answer that shows boni fide lineage to the authority that told the USAF that they should do it.
It's not difficult if you have an confederated identity management system that tracks the total access of an individual. However, a lot of web-based applications are not tied into a CIM since it could exposed the CIM to a cyber-risk.
The alternate method is manual. You have an Information System Security Officer (ISSO) act as the gatekeeper and check the person in and out for system access. This process (like the CIM) can break because of the human element: No one told anyone to deny this person access.
There is generally a lot of pressure to get folks into systems, and no incentive (other than security) to get them out. Good luck finding someone to blame for the breach later...:)
I think that there is a more interesting thread that's being ignored: Closing the IT door on former employees. Internet-accessible systems present a unique challenge since the physical security of an internal LAN is lost. Some of these systems contain sensitive information (duh) and are Internet accessable for one business reason or another. Also, a lot of these systems do not share the enterprise identity management system that the internal systems do, so it takes discrete manual intervention to deny access to them. I know that I deal with several unconfederated systems that make me lose sleep because no one will accept responsibility for getting people OUT of them when they no long need access. How are others dealing with this new angle on the insider threat?
Navies around the world have used LORAN at 100 KHz and inertial systems to determine their location for years. This "solution" is a non-starter since it requires the sub to ping. Beyond that, who is going to pay to maintain these unused beacons?
Even if we consider commercial subs, the tend to operate in coastal waters or from tenders. Why get lost when you can just call home and have them ping you?
I see a ton of untested technology claiming to solve world hunger. I see a bunch of salespeople pushing something with no support tail. I see a federal procurement process that requires, REQUIRES, competition to save the taxpayer money. I see technology evolving faster than i can deploy and train people to use it. I see terrorists using technology that they only need to work once. I need technology that I need to never fail. I see terrorists that only need to get one bomb into one place once. I see a federal system that has to get thousands of reliable devices into thousands of places that can be operated by well-intentioned high school graduates.
If you want to help, donate your patents and let us open source and compete your products. Better yet, go to FEDBIZ http://www.fedmarket.com/bidProducts/fbn/ and look at what we are looking for.
I work for a federal agency and we've had most of this in place for some time.
Our VPN (AES) requires two-part authentication with user name, password, and time-key.
You get dropped faster than 30 minutes:( if no activity.
Max session time also applies. (Not unreasonable)
Encrypting on portable devices will be new, but not difficult. All of our laptops have common access card (CAC) readers.
Validating downloaded material retention will be the most difficult since that is exclusively a policy issue.
Anyway, we have not had a problem with compromises.
What folks may not realize is that the legal definition of "sensitive" is more challenging than you realize. An awful lot of information is available through a Freedom of Information Act request, so you really can't call it sensitive. Training people to recognize the more unique forms of information that rightly deserve protection (Sensitive Security Information 49 CFR 1520) and the like that is the challenge.
You redact "Top Secret" after you redact the document because it's no long Top Secret and doesn't require the same handling procedures. Simple administrative issue and nothing stupid about it.
Given all the press about improper redactions using PDF (DoD, et al), you would think that their legal staff would have gotten a bit smart on this. I work next to a Freedom Of Information Act office and we have been savvy on this for some time.
Bottom line, don't trust attorneys with anything more than the words, and leave electonic publication to professionals. (Could this be proof that smart tech writers should be payed more than dumb lawyers?)
I write a lot. It may not be the best, but it does get results and people comment that they like it. The one course I had that influenced my writing was a course on reading theory. You tend to write differently when you realized all the work the reader has to go through to follow your train of thought. Long sentences suck. Long narative lists really suck. Passive voice sucks.
Our teacher gave us an article to read that was horrible; the organization and structrure were torture to get through, and in the end you had no clue what the author was trying to tell you. That said, the rest of the course was spent looking for ways to take a really pathetic block of words and turn them into something meaningful to a reader.
I guess having to edit a lot of material builds skill too.
Grammar is good, but think like the reader when you write.
ay
I work in a.mil environment with managed images and very good security. What I'm reading is that your company is still in the learning phase when it comes to customer service balanced with security.
We operate under a standard image architecture with updates and patches pushed out across the enterprise. Proxy servers are a necessary evil, but we are very reasonable on our block lists. (North Korean sites are discouraged along with Ebay...) This is for our unclassified network...
We learned the hard way too. Our first generation of machines were issued with padlocks on the cases and no CDROM drives...
Our IT system never compromises operations for security, and it never has to. Your IT staff may need a bit of fresh air, a few customer-centered workshops, and maybe some field trips to see how others work.
The guy is right, and security by obscurity doesn't really work for long. I suppose that the security of Macs rests in the continued success and growth of Windows.
I have a Mac and only have the firewall turned on. I suppose I'm off the bell curve since the Mac is for entertainment only and I rarely browse and never use email with it.
Call it a deal with the devil, but I have a customer base that doesn't understand that having current antivirus protection is like having clean oil in your car.
I promote McAfee becasue (1) it's free to my customer, and (2) because I have few or no hassles with it.
At the end of the day, the customer needs reliable protection in place. McAfee is available, affordable, and reliable. Given that it meets their requirements I have no issues with it.
Protection outside of the mainstream may be better technically, but it lags practically since it requires and informed an involved customer base to work with it. I don't have that luxury.
Say what you will, but I have to deliver a machine that works and they can support after I tell them I cleaned it up.
It's shocking, but it's true. Based on clean installs, I've had less hassles with McAfee than Symantec. The "live update" has brought clean systems to their knees while McAfee just did it's business and watched the shop.
This is sort of like religion: What's your life been like and what do you really expect? Like I said, McAfee comes to me free (legally) under a DoD agreement. Most folks are getting Symantec with their system and hosing it up. McAfee goes in clean, does the job, and is very low-profile.
The NY Time reported a while ago that Symantec was aware of problems and conflicts and not motivated to fix them. Fine. I was motivated to switch.
Sure, there's competition, and that's a good thing! Can anyone point us towards some solid comparison metrics? I recall reading that McAfee was faster at getting updates out than Symantec. Anything else?
McAfee basic anti-virus is free to military members under a DoD agreement, so I got familiar with it again. They have improved significantly and I have had only good results.
I think we can agree on two things:
1. Spybot rocks. 2. Symantic should shut up and clean up.
One of the first things I do for any system in distress is REMOVE Symantec. Of course, it's a pain since they are like a plague. They infest the registry like lice and do not remove themselves when you run their deinstallation tool. Bottom line, they are big, but they hogs.
Sysmantec can whine, but no one who knows anything is listening or buying.
Slashdot Mirror
This reminds me of the McCarthy witch hunts, and I'm praying that someone will stand up and say so LOUDLY! Going after the Twitter traffic is only intimidation and not going to find anything substantial. Someone please tell the Attorney General to pack sand on this one! I'm saddened that the probable leak violated the trust placed in him when he was given a security clearance (and access), but I also empathize that he acted out of conscience. Pentagon Papers, part 2.
I remember when MP3 players showed up in lecture halls, and a posse' of students had to coerce a loud-listener to shut it off or leave. Cell phones and laptops were quick to follow... Regrettably, the public abuse of technology is epidemic, and the kids are a reflection of their doltish parents. So, yes, exile the toys and distractions to the dorms, and preserve the lecture halls for learning.
Thin is a relative term, and bandwidth was a serious problem with the organization that I used to work for. We were spread out all over the place, and many of our platforms were mobile. The thick client only had to move the data, but the thin clients were fussy about the pipes. So, speaking for one user, thin only worked well when I had a fat pipe.
My family lives in a very remote area of Pennsylvania and connect via a satellite link. Non of my neighbors care to spend that kind of money for something they have relatively little use for. Dial-up barely hits 22k because of poor phone lines. Instead, they get their news from the radio (wireless!), paper, and face-to-face conversation with friends and neighbors (social networking). As much as I love the Internet, it's a tool and not a solution. I still send my wife love notes by mail (stamp upside down) and look forward to the same from her. Not Luddites, just reasonable people that don't waste money on something that they don't need and doesn't enrich their lives. ay
I really like this question. I kind of think that they took it rather than were assigned it. Honestly, unless there is some bizarre mobility or expeditionary requirement for these folks, I don't see the need to put them in uniforms. posse comitatus i probably going to tie them up a bit, and NSA or DISA has the talent already in place. I'm thinking this is a DNI thing myself... Hoping for a meaningful answer that shows boni fide lineage to the authority that told the USAF that they should do it.
Does posse comitatus apply to a DoD cybercommand operating in the United States and with regards to U. S. citizens?
Have the lawyers drawn you a CONOP box yet?
told them to pack sand and made out case. Now it sounds like they have to kick old George at home by themselves. Coffee anyone?
Check out http://www.unitednuclear.com/ and build your own. Amazing stuff your mother wouldn't let you have. a
It's not difficult if you have an confederated identity management system that tracks the total access of an individual. However, a lot of web-based applications are not tied into a CIM since it could exposed the CIM to a cyber-risk.
:)
The alternate method is manual. You have an Information System Security Officer (ISSO) act as the gatekeeper and check the person in and out for system access. This process (like the CIM) can break because of the human element: No one told anyone to deny this person access.
There is generally a lot of pressure to get folks into systems, and no incentive (other than security) to get them out. Good luck finding someone to blame for the breach later...
I think that there is a more interesting thread that's being ignored: Closing the IT door on former employees. Internet-accessible systems present a unique challenge since the physical security of an internal LAN is lost. Some of these systems contain sensitive information (duh) and are Internet accessable for one business reason or another. Also, a lot of these systems do not share the enterprise identity management system that the internal systems do, so it takes discrete manual intervention to deny access to them. I know that I deal with several unconfederated systems that make me lose sleep because no one will accept responsibility for getting people OUT of them when they no long need access. How are others dealing with this new angle on the insider threat?
Navies around the world have used LORAN at 100 KHz and inertial systems to determine their location for years. This "solution" is a non-starter since it requires the sub to ping. Beyond that, who is going to pay to maintain these unused beacons?
Even if we consider commercial subs, the tend to operate in coastal waters or from tenders. Why get lost when you can just call home and have them ping you?
Maybe under polar ice? I'm still wondering.
Maybe there is an application, but I doubt it.
AY
I see a ton of untested technology claiming to solve world hunger. I see a bunch of salespeople pushing something with no support tail. I see a federal procurement process that requires, REQUIRES, competition to save the taxpayer money. I see technology evolving faster than i can deploy and train people to use it. I see terrorists using technology that they only need to work once. I need technology that I need to never fail. I see terrorists that only need to get one bomb into one place once. I see a federal system that has to get thousands of reliable devices into thousands of places that can be operated by well-intentioned high school graduates. If you want to help, donate your patents and let us open source and compete your products. Better yet, go to FEDBIZ http://www.fedmarket.com/bidProducts/fbn/ and look at what we are looking for.
I work for a federal agency and we've had most of this in place for some time.
:( if no activity.
Our VPN (AES) requires two-part authentication with user name, password, and time-key.
You get dropped faster than 30 minutes
Max session time also applies. (Not unreasonable)
Encrypting on portable devices will be new, but not difficult. All of our laptops have common access card (CAC) readers.
Validating downloaded material retention will be the most difficult since that is exclusively a policy issue.
Anyway, we have not had a problem with compromises.
What folks may not realize is that the legal definition of "sensitive" is more challenging than you realize. An awful lot of information is available through a Freedom of Information Act request, so you really can't call it sensitive. Training people to recognize the more unique forms of information that rightly deserve protection (Sensitive Security Information 49 CFR 1520) and the like that is the challenge.
Waiting for this to come across my desk...
You redact "Top Secret" after you redact the document because it's no long Top Secret and doesn't require the same handling procedures. Simple administrative issue and nothing stupid about it.
Given all the press about improper redactions using PDF (DoD, et al), you would think that their legal staff would have gotten a bit smart on this. I work next to a Freedom Of Information Act office and we have been savvy on this for some time.
Bottom line, don't trust attorneys with anything more than the words, and leave electonic publication to professionals. (Could this be proof that smart tech writers should be payed more than dumb lawyers?)
I write a lot. It may not be the best, but it does get results and people comment that they like it. The one course I had that influenced my writing was a course on reading theory. You tend to write differently when you realized all the work the reader has to go through to follow your train of thought. Long sentences suck. Long narative lists really suck. Passive voice sucks. Our teacher gave us an article to read that was horrible; the organization and structrure were torture to get through, and in the end you had no clue what the author was trying to tell you. That said, the rest of the course was spent looking for ways to take a really pathetic block of words and turn them into something meaningful to a reader. I guess having to edit a lot of material builds skill too. Grammar is good, but think like the reader when you write. ay
I work in a .mil environment with managed images and very good security. What I'm reading is that your company is still in the learning phase when it comes to customer service balanced with security.
We operate under a standard image architecture with updates and patches pushed out across the enterprise. Proxy servers are a necessary evil, but we are very reasonable on our block lists. (North Korean sites are discouraged along with Ebay...) This is for our unclassified network...
We learned the hard way too. Our first generation of machines were issued with padlocks on the cases and no CDROM drives...
Our IT system never compromises operations for security, and it never has to. Your IT staff may need a bit of fresh air, a few customer-centered workshops, and maybe some field trips to see how others work.
I feel your pain and wish you the best.
ay
Good stuff here! I like the comment on the moderator, although I never complain about generosity when it's aimed near me.
I agree about the make it hard to find and hard to do line of thought.
I do some security work at work and have a Mac at home just to say that I have one computer I truly enjoy owning!
Thanks for the comments.
If it's familiar, if people remember it, if people get it, then it's good. Save original thought for something new.
The guy is right, and security by obscurity doesn't really work for long. I suppose that the security of Macs rests in the continued success and growth of Windows.
I have a Mac and only have the firewall turned on. I suppose I'm off the bell curve since the Mac is for entertainment only and I rarely browse and never use email with it.
So, is there a profile of a Mac virus writer???
-a
Call it a deal with the devil, but I have a customer base that doesn't understand that having current antivirus protection is like having clean oil in your car.
I promote McAfee becasue (1) it's free to my customer, and (2) because I have few or no hassles with it.
At the end of the day, the customer needs reliable protection in place. McAfee is available, affordable, and reliable. Given that it meets their requirements I have no issues with it.
Protection outside of the mainstream may be better technically, but it lags practically since it requires and informed an involved customer base to work with it. I don't have that luxury.
Say what you will, but I have to deliver a machine that works and they can support after I tell them I cleaned it up.
Al
It's shocking, but it's true. Based on clean installs, I've had less hassles with McAfee than Symantec. The "live update" has brought clean systems to their knees while McAfee just did it's business and watched the shop.
This is sort of like religion: What's your life been like and what do you really expect? Like I said, McAfee comes to me free (legally) under a DoD agreement. Most folks are getting Symantec with their system and hosing it up. McAfee goes in clean, does the job, and is very low-profile.
The NY Time reported a while ago that Symantec was aware of problems and conflicts and not motivated to fix them. Fine. I was motivated to switch.
Sure, there's competition, and that's a good thing! Can anyone point us towards some solid comparison metrics? I recall reading that McAfee was faster at getting updates out than Symantec. Anything else?
I do remember a time when McAfee had "issues".
McAfee basic anti-virus is free to military members under a DoD agreement, so I got familiar with it again. They have improved significantly and I have had only good results.
I think we can agree on two things:
1. Spybot rocks.
2. Symantic should shut up and clean up.
ay
One of the first things I do for any system in distress is REMOVE Symantec. Of course, it's a pain since they are like a plague. They infest the registry like lice and do not remove themselves when you run their deinstallation tool. Bottom line, they are big, but they hogs.
Sysmantec can whine, but no one who knows anything is listening or buying.
I donate to Spybot and promote McAfee.
ay
Subject says it all. They are quiet and reliable.