Friday, February 20, 2009

Why CyberSecurity Czars don't work

It's been an interesting week in security. First was the report that showed that the number of computer security incidents at Federal agencies has tripled since 2006:
The number of cyber security incidents at federal civilian agencies reported to the US Department of Homeland Security's US-CERT has tripled since 2006. In fiscal 2008, 18,050 incidents were reported, compared with 12,986 in fiscal 2007 and 5,144 in fiscal 2006. Agencies are required to report cyber security incidents under the Federal Information Security Management Act (FISMA); such incidents include unauthorized access, denial of service, malicious code, improper use, scans, probes and attempted unauthorized access.
Things are pretty serious for the Fed.Gov security types. USB thumb drives have been banned after classified networks suffered malware outbreaks. So what's the plan from the presumptive CyberSecurity Czar?
"Who is in charge [in the event of] a cyber-Katrina?" said [Paul] Kurtz, who served on homeland security councils for both the Clinton and Bush administrations and is now a security consultant with Good Harbor. "Is it the FCC? DHS? Commerce? The White House? No one has an answer to that, and that's pretty darn scary."
I'll take Bureaucratic Infighting for $500, Alex ...

Color me unimpressed. Water has flooded the engine rooms and is up to the scuppers, and people are arguing over who's Captain?

I guess that Kurtz deserves kudos, going to the Black Hat Security conference, even though it's thoroughly mainstream now. But hokey smokes, there's more to worry about than who's on first.

Like what if Bad Guys (meaning "Foreign Adversaries") close down the Port of Long Beach because their malware toasted all the computers that handle logistics there? And at the Port of New Orleans. And Houston, and Newark, and Beaumont, and Baltimore ...

How do you stop the 3rd Infantry Division? You don't bomb it, because we own the skies. You don't shoot it up, because they shoot back. Better.

But if it doesn't get any gas or ammo, it stops cold.

The Army better be thinking about this first, not who's in charge during the Cyber-Katrina.

Mr. Kurtz, some people want to be someone. Others want to do something. Dazzle me.

Postscript: It seems that Google has me as the #1 hit for how to hack a classified network. Lord save us.
