This is perhaps a niche security topic, but some of you are as niche as me:
The US is suing a former senior manager at Accenture for allegedly misleading the government about the security of an Army cloud platform.
Danielle Hillmer, 53, of Chantilly, Virginia, is accused of deceiving auditors over the capabilities of a service the government commissioned in 2017.
Although it is only referred to as Company A in the court documents, Hillmer claimed to work for Big Four consulting firm Accenture during the stated timeline, according to a now-deleted LinkedIn account.
The US alleges that between March 2020 and November 2021, Hillmer obstructed federal auditors and falsely represented the security of the company's cloud platform, which was used by other government customers beyond the Army.
Perhaps not security per se, but this raises the question: just how much do you trust the audit process?
6 comments:
It may be different with IT but in finance, audits only rarely find serious problems. Niggling procedural problems are the normal grist for that mill. Serious stuff is found via whistleblowers or rejected spouses/lovers.
That is interesting, to put it mildly. And NOT in a good way.
I personally know less than a thimble full about cybersecurity. Those who do know, who are SMEs, who I have read on the subject, all say there is no such thing as security. It may be difficult to crack, but never impossible.
Overstating the abilities is a serious breach and should be prosecuted to the hilt. My question is why didn't the client catch it sooner/how long in service before it was discovered?
Data breaches are regular, nigh ubiquitous. I would view any claim with the most jaded eye. Then set about testing to the point of failure. Why wouldn't a client as large as the US Army have a dept concerned solely with breaching security? Professional hackers, as it were.
I doubt it was for secure information and they just rented space for general data. It would only be bothersome if it was highly classified or was everyone's full name, address and SSN which the Army, Navy, USAF and Marines have only fully compromised 2,343,932,830,181 times since last year.
@Rick - "Why wouldn't a client as large as the US Army have a dept concerned solely with breaching security? Professional hackers, as it were."
They do. There's not a whole lot of people in that office.
Remember, the vast majority of military leaders are midwit graduates of liberal arts colleges. They deal with people by yelling, threats, and bureaucratic backstabbing. They understand most technology about as far as they can pick it up and throw it at someone.
Let's assume they're like the Navy when it comes to web and cloud services. The top Navy leaders decided to hire EDS to manage every single aspect of its web and computer services and forced every existing navy petty officer to do something else because they were not now permitted to work on things that belonged to EDS.
I think that perhaps the Army hired some contractors to look at the situation, propose a solution and then hired a different contractor to implement it because that's the way federal procurement laws work. It goes without saying that along the way people like SES nitwits f$cked around with the specs on the contract to f$ck it totally up. But that's also the way procurement works.