Sunday, April 20, 2008

Anatomy of a Bushevik power grab

Department of Homeland Security Chairman Skeletor says the number of security attacks on government installations doubled last year, according to intrusion reports filed with the US-CERT clearinghouse. In response, he calls for a "reverse Manhattan Project" to fend off security attacks. The details of this latest "National Strategy to Secure Cyberspace" initiative (not to be confused with the 2003 initiative of the same name) are largely secret, but at the very least they involve allowing the NSA to monitor all U.S. government computer systems, as well as authorizing DHS's new Cyber Security Center to go into all federal agencies and install its own firewalls (and there is new firewall technology which will allow this to happen invisibly, called "transparent firewalls", which look like a bridge or switch to the network but which internally are capable of deep inspection of the traffic going through).

Now, the statistic about the number of security attacks doubling sounds alarming -- until you realize that the number of government computers monitored directly via US-CERT's "Einstein" program doubled last year. Most agencies not monitored by Einstein are not running intrusion detection systems capable of detecting security attacks. So double the number of computers monitored by Einstein, double the number of intrusion reports. Duh.

So there you have it, all the hallmarks of a Bushevik power grab: a) Find a statistic that can be spun out of context to create a "crisis". b) Raise a ruckus about how dire the situation is. c) Propose a solution that sucks yet more power into the hands of the military-security apparatus of the government. d) Ponies!

And oh, Chairman Skeletor? I happen to be one of the computer security professionals you're asking to join your team on this "reverse Manhattan Project" that you're talking about. I got just one thing to say to you: Kiss my fine-feathered ass. Clear enough? You made sure the DHS got created without Civil Service protection so that all employees were political employees, so why the fuck would I want to go to work for you, when I'd just get fired and replaced by the next President's team when he got into office? I swear, Chertoff is the stupidest bastard on the planet, when he's not being evil. Fuck, even when he is being evil. (See: Katrina).

-- Badtux the Security Penguin

1 comment:

  1. If they insist on building web sites with MS software, and using MS server software, and paying "outside consultants" with former plane and tank drivers on their board to help them with these atrocities, why would any "professional" want this on their resume?

    I had too many discussions with the officers foisted upon us in intel ops as to why they shouldn't install a standard telephone in the analysis area, to take any of these people seriously.

    It is too easy, and too standardized to secure an X-based system, that the use of anything from MS already says you aren't serious.

    Firewalls, proxies, certificates, passwords, permissions - all foreign concepts to the powers that be. How do you introduce the concept of security to people who allow flashdrives into secure facilities, and can't keep track of nuclear weapons?
