This is a follow-on to my post below “Will We Fiddle while the Internet Burns?”. Two more events go to show how the Department of Homeland Security continues to miss the boat on anything related to securing our networks against attack by either foreigners or home-landers:
First, DHS has now published its National Infrastructure Protection Plan (pdf available here) which contains what the IT industry considers only passing and inadequate references to cyber security, and is regarded as relatively useless as a framework for performing risk assessment and management by corporate or other governmental security or information officers. To say that the NIPP glosses over cyber-security is a considerable understatement.
Second, Rep. Zoe Lofgren of California, who worked on a bi-partisan set of recommendations to Secretary Chertoff regarding cyber-security, has published an editorial that sharply criticizes Chertoff in this area and points out how many key positions under the cyber-security czar remain unfilled, as the Czar’s position is being filled by a temporary contractor (as my blog points out).
So is this really a problem? Well, from a very recent AP story:
The State Department is investigating “anomalies” in its unclassified computer system, the agency said Tuesday, declining to comment on a report that the department’s computers had been hacked.
The Associated Press said the State Department detected large-scale break-ins of its computers last month in its headquarters and offices that deal with China and North Korea.
State Department spokeswoman Nancy Beck confirmed only the problem was not a computer virus and that an investigation was under way.
So yes, it is a problem. And it's a problem now. And, incidentally, the investigators believe the attacks originated in east Asia.