Everyone, from government watchdogs to bloviating columnists, has a bright idea about how they should do their job better.
But there also is a statute of limitations on the public's patience. Two years ago this month, the Department of Homeland Security established a cybersecurity division to shore up the nation's defenses. The results to date include three cyberczars, millions of dollars in taxpayer expense, and thousands of worm and virus attacks.Hardly a sterling record of accomplishment.
Even regular Americans--not just the digital denizens of Silicon Valley--are frustrated with the lack of tangible progress. Most respondents surveyed in a recent poll of likely voters believe the government has failed to do enough to make the Internet safe. Only 28 percent said they thought Uncle Sam was doing a good job.
Will any of this light a fire in Washington? As a political issue, cybersecurity rarely leads the evening network newscasts. New legislation to establish the weighty-sounding position of Assistant Secretary for Cybersecurity may help. So might the passage of the DHS Cybersecurity Enhancement Act of 2005. (Money and authority never hurt.)
But a drumbeat of criticism nonetheless is growing in response to current events.Maybe the new blood at DHS will take the criticism to heart and order a recalibration, because there's no time to waste. More than 1,000 new worms and viruses were discovered in the last six months alone. What's more, networks will run into more complex worms and viruses--some of which will be deployed by politically motivated hackers--in 2005 and beyond.
You don't need be an alarmist to imagine some pretty hairy stuff. A couple of years ago, the Slammer worm disabled a nuclear power plant's safety monitoring system for nearly five hours. This fast-propagating worm also affected five other utilities. No lasting damage was recorded, but that was through sheer luck.
So, what needs fixing at DHS? The better question is: What doesn't need fixing? You can read about the extent of the mess in an exhaustive report published by the Government Accountability Office, the investigative arm of Congress. The GAO report found problems that ranged from the structural to the cultural, such as the reluctance of the department's managers to play nice when it comes to cooperating with other branches of the federal bureaucracy and the private sector.
In fairness, you can reach back a decade to find examples of turf wars over how best to protect the nation's infrastructure. But after the Sept. 11 attacks, you wouldn't expect to find the DHS still failing to fully make the grade in 13 areas of responsibility (as per the GAO report). That's quite a record of ineptitude, even for the federal bureaucracy. But don't think any of this has led to great introspection.
The mindset that led to this dismal state of affairs still flourishes. One idea put forward by the GAO team was to establish clear milestones and performance metrics. But the DHS rejected recommendations and sought "clarifications" (bureaucracy-speak for telling another agency to stuff it). At this point, I would point you to the memorable line uttered by Strother Martin in the movie "Cool Hand Luke": "What we've got here is failure to communicate."
David Powner, who was responsible for the GAO report, put things more diplomatically. "They thought their current strategic plan addressed those challenges," he told me. "We didn't see that in their plan."
In the meantime, Powner and others live in dread of the nightmare scenario: a combined terrorist attack against a physical asset like a power grid, paired with a devastating attack against the nation's cybernetworks and communications systems.
"If you look at the recovery plans (DHS has in place), more work needs to be done," he says. "If you look at reconstituting the Internet if there were an event that took down the network, there's still not a plan in place."
Biography
Charles Cooper is CNET News.com's executive editor of commentary.
See more CNET content tagged:
bureaucracy, nation, worm, Washington, virus
government fight against those that wish us "The American
People" great harm.
People just think for a moment what would have happened if the
Nu-Plant would've had some major leak or worse because some
sick person disabled the plants security monitoring system.
People listen.
Their are very crazy people out there trying to really hurt us in
more ways than one and will continue to do so if we don't help
our government. Their is only so much they can do.
I really feel that those people out there are testing our security
systems to see what they can do and also our response to these
situations.
Our govenment is trying to protect us and we must help them to
protect us because it's also protecting yourself and your loved
ones.
Report any kind of suspect activity.
Also to all you hardcore gifted programmers and coders.
You too can join the fight and help protect our nation.
We have only one and it's ours.
Let's all get together and help out.
Everybody lives near or close to some power plant or somebody
you know and care about.
Just think for a second if that plant would have explded?
We have to help our government and each other because know
one else will.
If you think the Internet can't kill you then you need to research
and learn a little more.
Take care and God Bless.
Nino.
government fight against those that wish us "The American
People" great harm.
People just think for a moment what would have happened if the
Nu-Plant would've had some major leak or worse because some
sick person disabled the plants security monitoring system.
People listen.
Their are very crazy people out there trying to really hurt us in
more ways than one and will continue to do so if we don't help
our government. Their is only so much they can do.
I really feel that those people out there are testing our security
systems to see what they can do and also our response to these
situations.
Our govenment is trying to protect us and we must help them to
protect us because it's also protecting yourself and your loved
ones.
Report any kind of suspect activity.
Also to all you hardcore gifted programmers and coders.
You too can join the fight and help protect our nation.
We have only one and it's ours.
Let's all get together and help out.
Everybody lives near or close to some power plant or somebody
you know and care about.
Just think for a second if that plant would have explded?
We have to help our government and each other because know
one else will.
If you think the Internet can't kill you then you need to research
and learn a little more.
Take care and God Bless.
Nino.
Instead of having budgetary and policy control over all necessary aspects of IA and IS, this branch has probably had to beg and borrow for everything. It would be very typical of how many organizations treat IT - a necessary evil to cuss and moan about when IT problems arise, but fail to support as needed to prevent those problems.
Meetings, group discussions, presentations and point papers likely fill the security chief's schedule. How much time can the department actually focus on the problems at hand? How are they working with industry - not just infosecurity industry CIOs and representatives, but with the programmers and designers who engineer the engines that battle the hackers, spoofers, spammers, virus writers and the like? What do you think the chances are that the head of DHS Cybersecurity can find a security site like Astalavista?
Should the head of this branch be able to play the political game? Of course, but he or she should also be able to talk at the 10,000 foot level about actual information security issues, and get a pulse on where the underground is going. Where are the red and blue teams? Why isn't the DHS attacking the sources and reporting the successes, and why can't DHS defend against the kid using the "build a virus by numbers" programs the true experts are releasing?
Want some progress? Establish a higher position for the cybersecurity czar, and fill several offices with 2210's, contract IA/IS specialists, industry consultants, and military teams. Set goals and let them do the job unimpeded. Cut the red tape. Take a serious approach and treat it like a battle, and see what happens. Two years with no results is long enough - it's time to get real.
It is hard but maybe when they are personally afftected with our
problems will they respond in kind.
Very good post.
Nino.
Instead of having budgetary and policy control over all necessary aspects of IA and IS, this branch has probably had to beg and borrow for everything. It would be very typical of how many organizations treat IT - a necessary evil to cuss and moan about when IT problems arise, but fail to support as needed to prevent those problems.
Meetings, group discussions, presentations and point papers likely fill the security chief's schedule. How much time can the department actually focus on the problems at hand? How are they working with industry - not just infosecurity industry CIOs and representatives, but with the programmers and designers who engineer the engines that battle the hackers, spoofers, spammers, virus writers and the like? What do you think the chances are that the head of DHS Cybersecurity can find a security site like Astalavista?
Should the head of this branch be able to play the political game? Of course, but he or she should also be able to talk at the 10,000 foot level about actual information security issues, and get a pulse on where the underground is going. Where are the red and blue teams? Why isn't the DHS attacking the sources and reporting the successes, and why can't DHS defend against the kid using the "build a virus by numbers" programs the true experts are releasing?
Want some progress? Establish a higher position for the cybersecurity czar, and fill several offices with 2210's, contract IA/IS specialists, industry consultants, and military teams. Set goals and let them do the job unimpeded. Cut the red tape. Take a serious approach and treat it like a battle, and see what happens. Two years with no results is long enough - it's time to get real.
It is hard but maybe when they are personally afftected with our
problems will they respond in kind.
Very good post.
Nino.
Yet hackers continue to hit my Hotmail account and use it to send malicious spam. I got an undeliverable mail reply from an Army server that said a message sent in my name contained a malicious trojan. I now change my sixteen digit password (the max limit set by Microsoft) on a daily basis. The spammers are apparently from the UK, Russia, Holland, Argentina, and Brazil.
Three years ago, my system was hacked by that Brazilian VX group and they corrupted my system with the Hyvaris virus. I was forced to reformat and reload everything.
I am now better protected, but new password hacking algorithms are making my password protection obsolete. If they can crack sixteen digit passwords so easily, they can do the same for twenty four or a hundred twenty eight. I am curious about what you recommend for the country's cyber security. Its easy to criticise, but if you were put in charge of cyber homeland defense, what defenses or protocols would you establish?
What kind of networks are you running because you have to be
around them in order to get their attention for them to use you
as a gateway into other systems.
I'm was born in Brooklyn and raised in the Bronx and just like Al
Capone said which was quoted in the movie The Untouchables.
You get farther with a gun and a kind word than just a kind
word.
Living my entire life in the Bronx has taught me just that.
Some people don't respect other's unless you break some part of
their body with the promise to do it worse if their is a next time
which in most cases their isn't.
Most of these hackers are a bunch of little punk nerds living
behind their digital world thinking their safe. Until someone
reaches out and touches them back into the world of reality
where it costs you and people like me a lot of money, time and
serious aggrevation for the major pains their causing us in
reinstalling an entire network.
I just get really mad that I can't get to them but you never know!
But getting back to your attacks. That seems to be personal?
You had to have gone through one of their trap sites?
Sorry to hear about all your trouble's.
When the government really gets tired one day maybe they will
really do something more.
Later
Take care. Nino
Yet hackers continue to hit my Hotmail account and use it to send malicious spam. I got an undeliverable mail reply from an Army server that said a message sent in my name contained a malicious trojan. I now change my sixteen digit password (the max limit set by Microsoft) on a daily basis. The spammers are apparently from the UK, Russia, Holland, Argentina, and Brazil.
Three years ago, my system was hacked by that Brazilian VX group and they corrupted my system with the Hyvaris virus. I was forced to reformat and reload everything.
I am now better protected, but new password hacking algorithms are making my password protection obsolete. If they can crack sixteen digit passwords so easily, they can do the same for twenty four or a hundred twenty eight. I am curious about what you recommend for the country's cyber security. Its easy to criticise, but if you were put in charge of cyber homeland defense, what defenses or protocols would you establish?
What kind of networks are you running because you have to be
around them in order to get their attention for them to use you
as a gateway into other systems.
I'm was born in Brooklyn and raised in the Bronx and just like Al
Capone said which was quoted in the movie The Untouchables.
You get farther with a gun and a kind word than just a kind
word.
Living my entire life in the Bronx has taught me just that.
Some people don't respect other's unless you break some part of
their body with the promise to do it worse if their is a next time
which in most cases their isn't.
Most of these hackers are a bunch of little punk nerds living
behind their digital world thinking their safe. Until someone
reaches out and touches them back into the world of reality
where it costs you and people like me a lot of money, time and
serious aggrevation for the major pains their causing us in
reinstalling an entire network.
I just get really mad that I can't get to them but you never know!
But getting back to your attacks. That seems to be personal?
You had to have gone through one of their trap sites?
Sorry to hear about all your trouble's.
When the government really gets tired one day maybe they will
really do something more.
Later
Take care. Nino
Government to really put software/hardware to the test.
I know their are really smart people out there than can do the
work your talking about but?
Like everything else it's all a matter of time because the digital
world is still in it's infancy as far as the technology is concerned.
Hopfully it won't be too much longer.
Take care, Nathan.
Nino.
Government to really put software/hardware to the test.
I know their are really smart people out there than can do the
work your talking about but?
Like everything else it's all a matter of time because the digital
world is still in it's infancy as far as the technology is concerned.
Hopfully it won't be too much longer.
Take care, Nathan.
Nino.
I can't begin to tell you how good it is to read that ?someone? , read that ?ANYONE? , is serving notice to the ?virus-blind? internet users out there that the script kiddee , hackers out there on the web are doing alot of disruptive damage everyday ... (Whew!) ... It is in this spirit that I wish to publicly thank , in particular , AVG , for its fine , free , anti-virus offering ...
When will computer users on the web realize ITS NOT UP TO THE GOVERNMENT TO PUT (CYBER) DIAPERS ON EVERY PC USER IN THE USA !!! A little personal responsibility , on each users part , is surely the answer here ... The resources are out there , you merely have to look for 'em ...
In short , we can blame WINDOWS , and all security 'holes' til the (cyber)sun goes down , but the ultimate responsibility rests with the individual user ...
I can't begin to tell you how good it is to read that ?someone? , read that ?ANYONE? , is serving notice to the ?virus-blind? internet users out there that the script kiddee , hackers out there on the web are doing alot of disruptive damage everyday ... (Whew!) ... It is in this spirit that I wish to publicly thank , in particular , AVG , for its fine , free , anti-virus offering ...
When will computer users on the web realize ITS NOT UP TO THE GOVERNMENT TO PUT (CYBER) DIAPERS ON EVERY PC USER IN THE USA !!! A little personal responsibility , on each users part , is surely the answer here ... The resources are out there , you merely have to look for 'em ...
In short , we can blame WINDOWS , and all security 'holes' til the (cyber)sun goes down , but the ultimate responsibility rests with the individual user ...
The real answer is to hold manufacturers responsible for flaws in their operating systems. Airplane and auto manufacturers have long been held responsible for flaws in their products so why should software manufacturers be immune.
I bet the flaws would be fixed in double quick time!
The real answer is to hold manufacturers responsible for flaws in their operating systems. Airplane and auto manufacturers have long been held responsible for flaws in their products so why should software manufacturers be immune.
I bet the flaws would be fixed in double quick time!
- What we need is count our blessings.
- by Albertv June 20, 2005 7:49 AM PDT
- After a 9/11 style event in cyberspace on the Gov we will focus and not before. Heck the majority in our Gov agencies does not see the dangers or if they do they are busy CYA'in for such an event. Fore the real 9/11 remedies after billions spend have not much to show for it either, other than "us" Americans loosing our 'freedom? we said we were not going to let them take that away from us. Well they did. So maybe it's a blessing in disguise they are not able to get their act together.
- Reply to this comment
-
-
- Whoooa!!! I'm afraid quite a few of you miss my point ...
- by herrwitt June 22, 2005 9:57 PM PDT
- My message was speaking to the responsibility of 'all' the net users/surfers who make use of our collective (cyber)highway everyday ... Take some responsibility for your respective pc's !!! Make sure your system is virus-free BEFORE you become THE carrier of a web-born virus that infects others ... If YOU want government oversite of the web just keep treating the (cyber)world as you currently are ... I fully understand that not everyone is guilty of keeping their pc virus free , but there are many users out there who overlook this potential dire situation and need to be vigilant ...
- View reply
Processing -
(28 Comments)