Slashdot Mirror


User: tachyon13

tachyon13's activity in the archive.

Stories: 0
Comments: 8

Comments · 8

  1. Re:Securing your own assets on Air Force Cyber Command General Answers Slashdot Questions · · Score: 1

    This was all done by contractors, mind you, and it got done because we liked what we were doing, took pride in doing a good job of it, and we had support from the squadron commander.

    Once the MAJCOM started taking control of the security stuff, our defensive posture went to crap.

    I have to say that the aggressor squadron teams that'd come in and attack the network knew their stuff. And of course they were able to break in every time.

    Most importantly, make it clear that their job is security, and not paper pushing.

    Exactly, exactly. I find it hard to believe that Gen. Lord is not aware of this, so I have to assume that the answers are of the 'PR Filtered' variety.

    Also, I'm not sure how he can say "Certainly the balance between having access to do our mission and having robust security is an issue where not everyone agrees on just how much to restrict or how much to allow." Someone needs to read up on his regs:

    http://iase.disa.mil/stigs/checklist/index.html

    http://iase.disa.mil/stigs/stig/index.html

    http://www.nsa.gov/snac/

    Etc. The issue is not that it's "not everyone agrees on how much to restrict." I think the regs and best practices out there are pretty clear. It's an issue of "how much do we want to comply with restricted access methodologies and regulations." So basically, Cyber Command will be just a repackaged example of base network security that you described above, except this time it's not going to be an AFSPC base, or an AMC/ACC, it's going to be a huge target called 'Cyber Command'....
  2. Re:Culture problems on Air Force Cyber Command General Answers Slashdot Questions · · Score: 2, Insightful

    The answer is they don't. Most GS's are hired/promoted from within, or directly out of the military.

    The way they hire talented people is through their contractors. These contractors that fall under the supervision of GS's are usually better paid, more knowledgeable, and more experienced to handle the job than they are.

  3. Response to Gen. Lord Answer "I don't agree..." on Air Force Cyber Command General Answers Slashdot Questions · · Score: 1

    "I don't agree or I maybe I just haven't seen where security is always a back burner item." I submit this: http://government.zdnet.com/?p=3416 (There are others out there) And do not think for a second that this is out of the norm. The problem wasn't that the Unisys folks didn't want to effectively monitor the DHS network, it was more than likely a problem of 'priority'. 3 was enough, they met their 8500.2 IA control requirements (technically) and that was all they were worried about, contractually. Now I'm sure the good IA engineers at Unisys went to CCB meetings and engineering review boards and fought the good fight for security, and due to schedule, or cost, or both, implementing the other IDS's was deemed a low priority...Something they would do next revision. This is common, I imagine common in the private sector too, but I wouldn't claim ignorance.

  4. Question about Existing Contractors on Ask the Air Force Cyber Command General About War in Cyberspace · · Score: 5, Interesting

    General Lord, I currently work as the exact type of 'cyber warrior' you intend to recruit. But I already have a Top Secret clearance, already familiar with DoD systems, etc. The dynamic with what we call 'Information Assurance' is that of a constant struggle with our contractor management (stay within the contract, the budget, etc) and with our 'warfighter' higher ups (educating them on why they can't have full access from their home in the spirit of "operations are a priority, to hell with security"). So assuming you can get the type of expertise that are eligible for clearances, and that are willing to relocate to Offutt/etc, how are you going to address the core issue of security in the DoD: Operations/budget/schedule will always trump security. Or alternatively, security will always be back burner to 'hot' issues. Thank you for your time.

  5. Article not saying PS3 a popular failure on Sony, Analysts React To PS3 Launch · · Score: 1

    You don't even have to read the article. Understand that these are economic analysts, well, analyzing the financial situation of the gaming arm of the Sony Corp.

    Sure they may not be taking into account cuts in production costs. But cuts in production usually happen once you are deep into production, and I think the point they are making is that this part of Sony will not make a profit in the foreseeable future because of the cost of production vs retail cost, and the lack of volume in the market. Sure they are flying off the shelves, but the only way to make a profit is to gain market share, which equals game purchases.

    Sony is not doomed, but when will Sony as a company decide that the gaming division is gushing too much money? With the management shuffle, we may soon see.

  6. Re:Paves the way for Apple to do the same? on Legal DVD Burnable Downloads Launched · · Score: 3, Informative

    Folks need to realize the compression on some of these movies is going to be horrific.

    Most users out there burn DVD +-R dvds, no dual layers. One of the first things I do when I back up my copies is to remove all the crap like menus, FBI/Interpol warnings, Featurettes I couldn't give a rat's ass about. Then I have a movie that needs little to no compression.

    Also, I concur with the Walmart bin comments. Downloading and burning DVD's is a mid to upper level computer task. Gram and gramps at home aren't doing these things. Do they assume that people with this level of computer knowledge will not be smart enough to shop around and compare prices on these crap movies?

  7. Screw the $4300 on Hacker Boot Camp · · Score: 1

    The only reason why you would spend this amount of money to obtain a cert. is because you are not qualified/knowledgeable enough to pass it in the first place.

    If you really knew what you were doing, you would pay the $250 to take the test (http://www.eccouncil.org/312-50.htm) and be able to pass either on your own accord, or with the help of books or freely available study guides.

    Anything more than a few hours of your time and some decently written books is a waste of money.

  8. Chattanooga Choo-Choo on Vonage Puts VoIP 911 Caller on Hold · · Score: 1

    Oddly enough CNN has this article: http://www.cnn.com/2006/US/03/24/tennessee.911.ap/index.html "Thousands of calls to Chattanooga's 911 call center have been going unanswered, according to records examined after a caller was unable to report a kitchen fire because three of four dispatchers were taking breaks at the same time."