Friday, November 11, 2005

U.S. Cybersecurity Not So Secure?

freaktheclown writes "According to CNet, 'government auditors have been saying that Homeland Security has failed to live up to its cybersecurity responsibilities and may be 'unprepared' for emergencies.'" The article discusses FEMA's handling of relief efforts for Hurricane Katrina and how a very similar situation exists with electronic security measures in the U.S. In addition to a conjecture the department of cybersecurity has been "plagued by a series of damning reports, accusations of bureaucratic bungling, and a rapid exodus of senior staff that's worrying experts and industry groups."

That's what happens when unqualified people.. (Score:5, Insightful)
by CyricZ (887944) on Monday October 10, @06:33PM (#13760066)

... are given jobs because of their political affiliations.

Yes, unqualified people performing serious jobs leads to nothing but problems.

Re:That's what happens when unqualified people.. (Score:4, Funny)
by clambake (37702) <clambakeNO@SPAMchipped.net> on Monday October 10, @06:54PM (#13760171) (http://chipped.net/)

> Yes, unqualified people performing serious jobs leads to nothing but problems.

Careful now, that sounds a bit like TERRORIST talk to me...

Re:That's what happens when unqualified people.. (Score:4, Insightful)
by CyricZ (887944) on Monday October 10, @07:03PM (#13760220)

> The media Queen of hearts shouts at everyone, "Off with their heads". No wonder there's an exodus of senior staff.

Except in the United States the media does not seriously question the government. That is why the Bush administration was able to preside over several of the worst incidents in American history, and have emerged basically unscathed.

Re:That's what happens when unqualified people.. (Score:5, Insightful)
by Doc Ruby (173196) on Monday October 10, @09:13PM (#13760981) (http://slashdot.org/~Doc%20Ruby/journal)

If the media weren't in Bush's pocket, the departure in disgust of every "cybersecurity czar" we've had (all under Bush) would be a running story about how we're begging to get hit. We pay taxes to a government we elected to protect us from threats, and those responsible for the cyber department won't accept liability for their useless department. That's not "scapegoating". If the department were competent, there wouldn't be any need to scapegoat anyone. Anyone watching their counterparts across DHS leave thousands to die in the wake of Katrina can tell that we're paying fools to pretend to protect us. And if reporters were more competent than these DHS personnel they cover for, it wouldn't take Katrina to show how screwed we all are.

Re:That's what happens when unqualified people.. (Score:4, Insightful)
by NMerriam (15122) <NMerriamNO@SPAMartboy.org> on Monday October 10, @10:30PM (#13761344) (http://www.artboy.org/)

> Whenever there is a governmental mistake, or failure to accurately foresee the future, accusations start flying. The media Queen of hearts shouts at everyone, "Off with their heads". No wonder there's an exodus of senior staff.

But that's not what happens -- the media doesn't scapegoat invisible public service employees who've been dutifully showing up doing their job every day for 30 years. Those employees make it through scandals in administration after administration, because everyone knows the agency will not function without them -- occasionally one may be scapegoated internally, but they don't have any "sex appeal" to the media.

This recent wave IS very different, because it is one of the first times that these guys do seem to be resigning in large numbers -- not because of "media pressure" (the media doesn't even know who these guys are), but because of inept cronies being put in place above them, and then the cronies not being smart enough to realize the career professionals should be running the show.

That's exactly what is happening with the CIA right now, where guys who have happily served both Republican and Democratic administrations for decades are suddenly being dictated to on how to perform their jobs by people who are barely qualified to operate the paper shredder.

"The Media" isn't pushing out the senior CIA officials, the Bush administration is, the same way they pushed Whitman out of the EPA (I mean, geez, the Republican governor of New Jersey is "too liberal" on the environment? Reality check! That's as crazy as suggesting a quadriplegic veteran isn't patriotic!)

Re:That's what happens when unqualified people.. (Score:5, Funny)
by Tackhead (54550) on Monday October 10, @06:57PM (#13760186)

> ... are given jobs because of their political affiliations.
>
> Yes, unqualified people performing serious jobs leads to nothing but problems.

You miss the point. The purpose of cycling senior people through the bureaucracy isn't because the bureaucracy's ineffective, it's because it's the gateway to a consluting career with the bureaucracy. That's how the Aristocracy of Pull works, and it works the same way whether the Jackasses or the Elephants are in charge. (The only catch is that you can only pull fellow Jackasses (or Elephants) through the door -- and because your tribal totem isn't going to be in charge forever, whenever your gang's in charge, you're obliged to bring the maximum number of fellow gang members through the door as possible during your time in charge.)

To recap:

1) Cultivate enough pull to get a cushy appointment.
2) As a courtesy to the last guy to hold your post, hire him as a conslutant at double his previous pay.
3) Continue to be ineffective -- preferably so ineffective that you have a good excuse to resign in "disgrace" within a year or so. This frees up the slot so your boss can reward another guy with pull.
4) Get hired by the new guy at half the political liability to your friends, and at double the pay.
5) PROFIT!

The less effective the bureaucracy, the more people can be run through the revolving door during the course of a given administration, and the more taxpayer dollars can be looted in the process. And because pull is proportional to dollars looted, the system creates its own incentive. Launder, rinse, repeat.

Re:That's what happens when unqualified people.. (Score:5, Funny)
by bakes (87194) on Monday October 10, @07:31PM (#13760374)

> the gateway to a consluting career

This is one of the most insightful typos I've seen on slashdot.

Re:That's what happens when unqualified people.. (Score:4, Funny)
by Pig Hogger (10379) <pig.hogger@[ ]il.com ['gma' in gap]> on Monday October 10, @07:58PM (#13760512) (http://216.138.229.143/Crackster)

> > the gateway to a consluting career
>
> This is one of the most insightful typos I've seen on slashdot.

It's even funnier when you know that in French, "con" means "cunt" (both as in "vagina" and "stupid")

First post? (Score:2, Funny)
by Anonymous Coward on Monday October 10, @06:34PM (#13760073)

Cybersecurity not so secure?

That's like jumbo shrimp!

Security Through Obscurity is my motto (Score:5, Funny)
by Average_Joe_Sixpack (534373) on Monday October 10, @06:38PM (#13760088)

I keep all my usernames/passwords on a Geocities hosted site.

The root cause? (Score:3, Funny)
by clevershark (130296) on Monday October 10, @06:41PM (#13760104) (http://www.clevershark.com)

Well duh, it's hardly surprising, when everything's considered. [govexec.com]

Duh! (Score:3, Insightful)
by jellomizer (103300) on Monday October 10, @06:42PM (#13760111) (http://localhost:8080/)

When you have over 90% of all computers running on the same family of Operating Systems, with the other less than 10% trying to keep the features to work with the other 90% of the computers. Is a disaster waiting to happen. You can firewall every box, Windows could be the most secure OS in the world, but when you have 90% market share it is going to be a target. Secondly people are afraid to have independent audits on their computer security, they worry about losing their jobs if the auditors find a problem. Also you have the problem where people assume the first line of defence is all you need, so if a virus got through the firewall and virus scanner it just spreads all through the network.

Education (Score:2, Insightful)
by AxsDeny (152142) on Monday October 10, @06:43PM (#13760117) (http://www.vaxcave.com/)

The core of the problem is that users continue to not understand what they are doing or using. People expect things to "just work" and if it breaks they will have it fixed. Many people treat their cars this way. They know how to drive them, but not how to fix them if they break down. If we can't educate the users in the safe and proper use of their machines, we will continue to have such problems. If the mainstream OS continues to be riddled with security holes that grandma doesn't know how to patch, we will continue to have these 100,000 node bot nets.

Education and training actually does better security and society as a whole.

How important is it REALLY? (Score:4, Insightful)
by plover (150551) on Monday October 10, @06:43PM (#13760119) (http://slashdot.org/)

Seriously, the intarweb has been little more than a stew of viruses, zombies and DOS attacks for years now. Yet we all manage to show up and do our jobs. How bad could a "cyberattack" really be, if we're living through the current levels of crap?

And what good is a "federal overseer" when they have no jurisdiction over half of the network?

I say that we're no worse off for not having a top-dog. It's a meaningless, ineffective position. Why spend the money on it, much less promote the position to a direct report under the DIRHSA?

And yet with GLB/HIPAA/Sarbanes-Oxley (Score:3, Insightful)
by TykeClone (668449) <TykeClone@gmail.com> on Monday October 10, @06:48PM (#13760136) (http://stores.ebay.com/ABS-Titonka)

They have claimed the right to regulate the networks of financial services and medical services outfits.

Let he who is without sin...

Hire new people asap and get creative (Score:2)
by digitaldc (879047) on Monday October 10, @06:49PM (#13760139)

some interesting & revealing quotes:

"I sure wouldn't take that job," "It only has a downside."
"It's been a mess for over four years, and hopefully the new folks will fix this,"
"In the previous incarnation, DHS and the Homeland Security Council didn't really know what to do with cyber--it's been a deer-in-the-headlights experience for them,"
"Cybersecurity clearly fell off the radar screen when they set up the department, and the department is trying to find its way,"
"the nation is applying Band-Aids, rather than developing the inherently more secure information technology that our nation requires."

Sounds like a good place for hackers/security experts to get a job, they should be giving large bonuses/salaries & get creative in order to recruit people ASAP and get them out of this mess. Try a new path...what do we have to lose?

the ownership vs. threat info gap (Score:5, Insightful)
by G4from128k (686170) on Monday October 10, @06:53PM (#13760167)

One core problem is that the people that regulate cybersecurity don't own the infrastructure. This means they have little hope of understanding how real-world privately-owned (and vulnerable) networks operate. The flip side is that the government people that might have intelligence data on cybersecurity threats won't share that info with the people that actually own and operate the networks.

One group (govt) may understand the threat, but is clueless on the operations side. The other group (owners) don't have the classified intelligence data on the threat, but do know the operations side of the network.

Until the two sides share both info and operations knowledge, cybersecurity isn't possible.

Who wants a top-down solution anyway? (Score:5, Insightful)
by Quadraginta (902985) on Monday October 10, @06:59PM (#13760193)

Goodness, who wants the Federal government to be responsible for general IT security in this country? I mean, let's just think carefully through the kind of power over the network they'd need (or say they need) to be given to achieve it.

Brrr.

culture of corruption == incompetence (Score:2, Insightful)
by opencity (582224) on Monday October 10, @07:00PM (#13760201)

While the Bushies are poster boys for complete corrupt criminality, the problem runs deeper. As Americans (I can't speak for the rest of the world but our standard of living is high enough that we have little (less) excuse), we take very little personal responsibility for anything. Katrina was my main objection to nuclear power writ large. While I think fission is one of the better options for power generation, the culture of bureaucracy that has rotted the health and education sectors would most likely fail spectacularly during a crisis at a power plant. During a meltdown, political hacks would rush around covering their own asses while citizens - with air conditioners, automobiles and endless electricity needs - would scream that there was no planning to take care of them and that it was their birthright to work 35 easy hours a week with iPods strapped to their heads. And then before the next election, there would be a terror alert, and we'd vote for the same criminal gang that has been looting the country, on and off, for 25 years. As opposed to some other criminal gang that doesn't loot as much. And go back to watching TV and reading ... slashdot(?)

DHS bit off more than they can chew (Score:3, Insightful)
by KerberosKing (801657) on Monday October 10, @07:00PM (#13760202)

All year long, they have had no one at the helm for cybersecurity. It shouldn't surprise anyone. Let's take a job that many different agencies struggled to keep up with before, then add the requirement that they all reorganize into DHS, where instead of computer security being their number one focus, it is one of many concerns. I would bet the funding for DHS compsec is less than the total spent by the separate agency committees. There is only so much you can save by pooling resources, and I would argue it gets lost when you have to compete for attention with WMDs, IEDs and other serious physical security threats.

A history of unfavorable gov't security reports (Score:5, Informative)
by sczimme (603413) on Monday October 10, @07:02PM (#13760212)

Much of the Federal government has a sub-optimal track record in the security arena. In March of 2004 Rick Forno published an article (with links) that summarized Uncle Sam's security issues: The farce of federal cybersecurity [securityfocus.com] (That's the title Rick used, btw.)

Of course, they are not ready (Score:1, Insightful)
by Anonymous Coward on Monday October 10, @07:08PM (#13760242)

NSA and CIA disallowed any Windows based products in house except for unsecured desktop boxes and as an upfront web server (but they are simply traps). Now they are under extreme pressure from "above" to allow Windows and windows products in-house, no matter what the security costs are. When politicians make decisions, and not the experts, then we end up with 9/11s. After all, that is exactly what 9/11 and Iraqi invasion were.

wish they would stop using the word "cyber" (Score:2)
by timmarhy (659436) on Monday October 10, @07:12PM (#13760257)

honestly, wtf is the point of this department anyway. shouldn't it be the responsibility of each organisation to secure its own IT? there doesn't seem to be much need for this. i mean what do they do all day? the FBI is already the ones who investigate crimes, CIA keeps an eye on things outside your borders. seems like a big fucking waste of money.

same ole same ole (Score:2)
by argoff (142580) on Monday October 10, @07:14PM (#13760264)

In IT or economics, the rules are the same. Government doesn't provide security, freedom provides security - in this case meaning free software. I know this will come as a shocker for some people, but the copyright incentive system that government promotes by its very nature incentivises poor security too. Solve that problem and the security problem will solve itself.

Common sense, does it exist? (Score:2, Insightful)
by Alien Being (18488) on Monday October 10, @07:14PM (#13760265)

9/11 was preventable. We got pwned by leaving the cockpit doors open even though it was "common" knowledge that the most effective way to thwart hijackings was to NEVER let the bad guys take control of the airplane. If they can manage to crash it, or kill every passenger, so be it. El Al figured this out in the 70's, yet the FAA was too fucking stupid to pay attention.

Similarly, the Bush administration ignored the valuable information it received from Richard Clarke and even their own Condoleezza Rice. Their motives are unknown, but it's worth considering that maybe they wanted a war [newamericancentury.org] from the beginning. The cost can be measured in the trillions of dollars and tens of thousands of lives.

Hurricane Katrina was an act of nature. Maybe it was a side effect of intelligent design, but that doesn't matter. The lesson is that valuable information was ignored. It doesn't take a rocket scientist to know that category 3 levees won't hold a category 5 storm. A stomping wonder horse could have saved more lives than the horse judge BushCo put in charge of FEMA.

Cybersecurity is nothing to joke about, yet the one company which has been responsible for the most damage has already been given a walk for other serious crimes. This government will do nothing to make them act responsibly. MS isn't the only one, but they are the prime example. Banks are another obvious concern, but I don't think the Feds will keep them in control now any more than they did during the S&L scandal of the 80's. We shouldn't be surprised. Bush is a family man, and his family has historically put their own interests above those of the USA [nhgazette.com].

Authority grab is the problem (Score:3, Interesting)
by keraneuology (760918) on Monday October 10, @07:16PM (#13760279)

The problem isn't political appointments, inept federal chiefs or any political leanings or biases. The problem is the federal government has no business in being in charge of domestic response. Response to a local emergency or disaster is, and must remain the domain of the local authorities who can be held accountable for their preparation and performance - or lack thereof.

FEMA can do nothing but react to an event and throw more debt at the problem. Unfortunately this leads to problems down the road - not only does it push the federal government closer to insolvency - but it leads to all kinds of expectations on the part of locals who develop the "we'll just sit back and wait for the cavalry" mentality. Not only this, but you end up with gross inequity in the response: federal dollars to New Orleans for Katrina are already about 5 times the aid sent to Florida for four hurricanes combined. FEMA has given out some $600,000,000 in "emergency cash disbursements" so far, with many people upset that only the first 10,000 or so were given $2,000 cash cards. New Hampshire recently saw a few hundred people flooded out and it wouldn't shock me in the slightest if some of them file lawsuit under the equal protection clause asking for $2,000 cash cards, FEMA-paid apartments around the country and the like.

Local emergencies should be handled by city, the county, the state and then the federal. In that order. And the federal should not be allowed to call any of the shots: they should provide resources only but all decisions should be made by the local leaders.

Checklist for fixing ALL cybersecurity problems (Score:3, Interesting)
by jd (1658) on Monday October 10, @07:26PM (#13760346) (http://slashdot.org/)

All the Federal Government needs to do is print out the following checklist and go through it. The same for every corporation. If you can get all of these things accomplished, I can pretty much guarantee you'll be immune to any existing attack method short of physical compromise.

- Ban .rhosts files. Totally. Sack and/or excommunicate those who use them. There are much more secure ways to have zero-password logins for automatic connections.
- If using an unencrypted network, ban RSH, RLOGIN and Telnet - use SSH instead. If using IPSec with host authentication by certificates, then you've already got the authentication and encryption covered, so unsecure protocols can be used there.
- Different channels should get different access rights. Unsecure channels should NEVER have access to secure data. Unsecure channels should NEVER be used to create secure channels, as that is a common point of attack.
- All servers with confidential data (credit card info, corporate data, missile plans, etc) should have some form of Mandatory Access Control at an absolute minimum, with such data unreachable from ANY combination of program and user other than those combinations specifically designated as having access. For Linux, you're wanting to look at SELinux or GRSecurity. Ideally, you want a B1-compliant OS at a minimum for commercially sensitive data and a B3-certified OS for Government work. Such servers should NOT be directly reachable, they should be accessed ONLY by intermediate servers. As such, we don't care about holes so much (as nobody should be able to reach them) - rather, we care about operations we're specifically allowing users to perform and making sure THOSE are bullet-proof.
- All intermediate servers should be damn-near 100% free of security holes. We don't care about access controls for these, as they don't have any data. They're merely front-ends. However, because they're first in line for any cyber-attack, they need to be as close to immune from such attacks as possible. THIS is an ideal place for OpenBSD or MirBSD systems.
- You should have two firewalls in series, pointing in opposite directions, at the entranceway. You want to control what comes into the network, but you ALSO want to control what comes out. That part is often forgotten, and THAT is why many network security strategies fail.
- Active NIDS systems and authentication systems should live in parallel to the two firewalls. You want them to be able to shut down BOTH firewalls, should EITHER firewall be compromised, which means you have to have direct connections to both. Otherwise, the compromised firewall can simply block your instructions.
- Servers that should NOT be reachable from the outside should NOT be on a LAN that is visible to the outside. If they need to connect to each other, use a private LAN.
- If using a centralized authentication system, use Kerberos V. DO NOT use NT domains, NIS+, or any other such method.
- Since the internal network is likely on private addresses, it would be better to use IPv6 and then have proxies map communication onto IPv4 for the outside world. The reason? It'll seriously bugger up those attack scripts that assume IPv4. It'll also make zombies that do reach the inside ineffective, as many of those will assume IPv4 as well. If IPv4 is not being carried, such software will break.
- We've defined three types of LAN so far - one LAN inside the firewall connecting to proxy servers, one LAN for secure servers, and bridging LANs linking secure servers to proxies. We need one further network, this time for users. This LAN ONLY connects to the proxy servers. As those can see the outside world, we can use them as proxies to see the outside as much as those on the outside can use them to see the inside.

If the Department of Homeland Paranoia were to implement such a system, I feel confident they'd score an A on their next evaluation, and would be as close to invulnerable as y [Read the rest of this comment...]

The problem with Federal computer security (Score:2)
by brennz (715237) on Monday October 10, @07:32PM (#13760379)

The problem is too much duplicate effort, and the wrong people in charge of things.

NIST, part of commerce, has come out with good documentation on information security. They have also created guides on host OS security duplicating NSA & DISA efforts.

DISA, an agency within DOD, is the proponent for the Security Technical Implementation Guides (STIGs). These STIGs are the best, most updated guides on technical security within the US govt, and mandatory for DOD components.

NSA, an agency within DOD, is the proponent for the Security Recommendation Guides (SRGs).

DHS has created???????? They fund stuff from other agencies essentially.

Until one agency within the fed that has the power to disconnect all agencies, reviews everyone's C&A documentation, standardizes security efforts, controls funding, then we'll have a woeful state within the US govt. It is just too balkanized.

Let's Save Time (Score:2)
by Goo.cc (687626) on Monday October 10, @08:45PM (#13760819) (http://metawire.org/~agent69/)

and list what Homeland Security is prepared for.

What is their purpose? (Score:1)
by TheGreatDonkey (779189) on Monday October 10, @09:05PM (#13760947)

I read the article, and am a sysadmin, and really, what purpose would such a position serve? Is there a specific job description of responsibilities for the position? The article indicates that the individual would "coordinate the response" to an Internet attack, but at what level do they start to become involved, and really, with as dynamic as the Internet is and companies continually coming and going, being bought out, etc., how would they constantly maintain communications with all the players? As soon as any company receives a denial of service, do they contact the individual in this position so they can see if it's important enough to warrant a coordinated response? If so, does the person in the position receive thousands of emails daily from concerned sysadmins and filter through this? And even if they warrant my situation critical, what are they going to do for me? I already have the contact info for my upstream provider, and certainly they will be one of the first people I will be calling and working with on my own. If it is a major issue, I would expect they would be working with their upstream provider, etc. And back to coordinating with specific companies - our company had an international corporate VPN solution through AT&T, and getting support on this was a stellar effort for all involved, as within AT&T itself they were often confused about what "group" owned the VPN solution, and it was a consistently major undertaking to find the group to get us any help.

It sounds like a position with little purpose. Not that this would be surprising...

Whose responsible? (Score:1)
by gaanagaa (784648) <gaanagaa@gmail.cFORTRANom minus language> on Monday October 10, @09:36PM (#13761078)
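
The first two items of jd's checklist in the thread above (no .rhosts trust files; no rsh, rlogin or telnet listeners) can be checked mechanically. The following is an added example, not part of the original discussion or any poster's code: a Python audit run over a constructed home-directory tree and a constructed inetd.conf. The sample paths, file contents and function names are assumptions made for illustration.

```python
"""Audit for r-command trust files and cleartext login services (added example)."""
import os
import tempfile

# inetd service names for the cleartext protocols the checklist names:
# "shell" is rsh (514/tcp), "login" is rlogin (513/tcp), "telnet" is 23/tcp.
CLEARTEXT_SERVICES = {"shell": "rsh", "login": "rlogin", "telnet": "telnet"}
TRUST_FILES = {".rhosts", "hosts.equiv"}

# Constructed sample data (assumption): not taken from any real host.
SAMPLE_INETD = """\
# constructed sample inetd.conf
ftp     stream tcp nowait root /usr/sbin/tcpd in.ftpd
telnet  stream tcp nowait root /usr/sbin/tcpd in.telnetd
#shell  stream tcp nowait root /usr/sbin/tcpd in.rshd
login   stream tcp nowait root /usr/sbin/tcpd in.rlogind
"""
SAMPLE_FILES = {
    "home/alice/.rhosts": "buildhost alice\n",
    "home/bob/.rhosts": "# lab machines\n+ +\n",
    "home/bob/notes.txt": "nothing to see\n",
    "etc/hosts.equiv": "trusted.example.org\n",
}


def find_trust_files(root):
    """Return sorted [(path, wildcard_line_numbers)] for trust files under root.

    Every hit violates the "ban .rhosts" rule; a "+" in the host or user
    field is the worst case because it trusts any host or any user.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name not in TRUST_FILES:
                continue
            path = os.path.join(dirpath, name)
            wildcards = []
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    fields = line.split()
                    if not fields or fields[0].startswith("#"):
                        continue  # blank line or comment
                    if "+" in fields[:2]:
                        wildcards.append(lineno)
            findings.append((path, wildcards))
    return sorted(findings)


def enabled_cleartext_services(inetd_conf_text):
    """Return [(line_number, protocol)] for uncommented rsh/rlogin/telnet entries."""
    found = []
    for lineno, line in enumerate(inetd_conf_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # disabled entries are commented out
        service = stripped.split()[0]
        if service in CLEARTEXT_SERVICES:
            found.append((lineno, CLEARTEXT_SERVICES[service]))
    return found


def run_demo():
    """Build the constructed tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLE_FILES.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        trust = [
            (os.path.relpath(path, root).replace(os.sep, "/"), wildcards)
            for path, wildcards in find_trust_files(root)
        ]
    return {
        "trust_files": sorted(trust),
        "cleartext_services": enabled_cleartext_services(SAMPLE_INETD),
    }


if __name__ == "__main__":
    report = run_demo()
    for path, wildcards in report["trust_files"]:
        note = f" (wildcard trust on line(s) {wildcards})" if wildcards else ""
        print(f"trust file: {path}{note}")
    for lineno, proto in report["cleartext_services"]:
        print(f"inetd.conf line {lineno}: {proto} enabled")
```

On a real host the same functions would be pointed at the actual home directories and at the contents of /etc/inetd.conf; systems that start services through xinetd or systemd need a different parser.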
