
This page contains all of the posts and discussion on MemeStreams referencing the following web page: A Pared-Back Security Initiative. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

A Pared-Back Security Initiative
by w1ld at 7:32 pm EST, Jan 7, 2003

] "The Bush administration has reduced by nearly half its
] initiatives to tighten security for vital computer
] networks, giving more responsibility to the new
] Department of Homeland Security and eliminating an
] earlier proposal to consult regularly with privacy
] experts.
]
] An internal draft of the administration's upcoming plan
] to improve cybersecurity also no longer includes a number
] of voluntary proposals for America's corporations to
] improve security, focusing instead on suggestions for
] U.S. government agencies, such as a broad new study
] assessing risks.
]
] "Governments can lead by example in cyberspace security,"
] the draft said."

Would love to hear what you have to say about that last quote. :)


 
RE: A Pared-Back Security Initiative
by Decius at 2:34 am EST, Jan 8, 2003

w1ld wrote:

] ] An internal draft of the administration's upcoming plan
] ] to improve cybersecurity also no longer includes a number
] ] of voluntary proposals for America's corporations to
] ] improve security, focusing instead on suggestions for
] ] U.S. government agencies, such as a broad new study
] ] assessing risks.
] ]
] ] "Governments can lead by example in cyberspace security,"
] ] the draft said."
]
] Would love to hear what you have to say about that last quote.
] :)

Last month an "internal draft" was going to have FBI monitored IDS systems installed in every network. This month an "internal draft" has the government "leading by example." Basically, I'm ignoring this until the government actually releases a proposal. Just because some idiot somewhere wrote a draft doesn't mean it will become Administration policy.

Having said that, no, I don't think the government can "lead by example." There are plenty of "examples" of the right things to do out there. The problem is not lack of good examples. The problem is that people just don't understand that this is important, and if so, how. People would rather be vulnerable than take on the expense associated with security. This creates national security problems, and network abuse problems. If you want to address those problems you have to teach people to care. You have to teach them that running a secure website is like always washing your hands. It's not just about security from things you can see. It's about not being a carrier for things you can't see.

So if this is the proposal, I'll say the government ruined a really good opportunity.

Unsubstantiated Conspiracy Theory: John Markoff's unsubstantiated conspiracy theory created all kinds of noise at the White House from people who were opposed to something they haven't read. The White House responded by telling the people working on this that they are going to kill the project. Those people responded by "leaking a draft" that eliminates all the good things that the proposal would do. They are hoping people will be equally pissed off, thus justifying their existence to the President.


  
RE: A Pared-Back Security Initiative
by flynn23 at 2:09 am EST, Jan 10, 2003

Decius wrote:
] w1ld wrote:
]
] ] ] An internal draft of the administration's upcoming plan
] ] ] to improve cybersecurity also no longer includes a number
] ] ] of voluntary proposals for America's corporations to
] ] ] improve security, focusing instead on suggestions for
] ] ] U.S. government agencies, such as a broad new study
] ] ] assessing risks.
] ] ]
] ] ] "Governments can lead by example in cyberspace security,"
] ] ] the draft said."
] ]
] ] Would love to hear what you have to say about that last quote.
] ] :)

] Having said that, no, I don't think the government can "lead
] by example." There are plenty of "examples" of the right
] things to do out there. The problem is not lack of good
] examples. The problem is that people just don't understand
] that this is important, and if so, how. People would rather be
] vulnerable than take on the expense associated with security.
] This creates national security problems, and network abuse
] problems. If you want to address those problems you have to
] teach people to care. You have to teach them that running a
] secure website is like always washing your hands. It's not just
] about security from things you can see. It's about not being a
] carrier for things you can't see.

I have something interesting to add. I had breakfast the other day with someone who is intimately involved in the security business. Not just tech security, but the whole spook ball of wax. Surveillance, background databases, building security, process, screening, encryption, the whole nine yards - for the biggest security company in the world.

Anyways, this person said that after 9/11 everyone and their brother had REPORTS done to identify weaknesses. The consulting business was aglow and still is with surveys. But no one has DONE ANYTHING about fixing those weaknesses. The reason? Cost. In 99 out of 100 cases, the cost of FIXING the weakness was less than the cost of an exploit. This was the case for everything. From hacked servers to bombs in the parking garage. From hiring of potential corporate espionage risks to making sure the disgruntled employee doesn't come back and blow your head off. Most companies felt that they'd rather take their chances than spend the money to prevent further security breaches.


 
 