(((You look at a boondoggle like this, and... gee whiz, people. If there ARE
any "cyberterrorists" – and after all the dry runs lately, there have got to be at least a few – all they've gotta do is whack a big bank someplace, create some anklebiting annoyance, and then hit the media with a scare report that they've crashed the world financial system. Everybody will believe it. Civilization will be instantly returned to the year 1931 AD.)))
(((I dunno... but if we can't even secure the financial system, how can we secure "critical infrastructure" – whatever that is? Time to pull the gas nozzle out of the McCain-Palin SUV, sit down in a bar someplace, have a few Pabst Blue Ribbons and thoroughly search our souls.)))
(((From SANS, who are now quoting THREAT LEVEL while assessing spavined federal policy initiatives. Hey, good one, SANS.)))
–DHS Criticized Again Over Lack of Cyber Attack Preparedness
(October 13, 2008)
Chairman of the US House Homeland Security Committee Rep. Bennie
Thompson (D-Miss.) says the US Department of Homeland Security (DHS)
has not taken necessary steps to prepare for major cyber attacks.
DHS was to have completed eight planning scenarios and accompanying documents regarding preparation for different vectors of attack, including cyber attacks as the foundation of the National Response
Framework. Rep. Thompson has asked DHS to submit a schedule for completion of the scenarios and associated documents by October
23. (((Not only can they not complete "homeland securing" anything, they can't even COMPLETE SCENARIOS! These guys should be fired en mass and replaced with the staff of SUPERSTRUCT.)))
Just weeks ago, the DHS was criticized by the Commission of Cyber
Security for the 44th Presidency regarding its lack of preparedness for fighting cyber attacks; the Commission recommended placing the locus of national cyber security somewhere else. DHS has refuted the
Commission's allegations, saying that "a reorganization of roles and responsibilities is the worst thing that could be done to improve our nation's security posture against very real and increasingly sophisticated cyberthreats." (((Okay, keep the "roles and responsibilities"
and put someone into those offices who can actually MEET
some roles and responsibilities.)))
http://www.fcw.com/online/news/154055-1.html http://news.cnet.com/8301-10787_3-10048033-60.html
[Editor's Note (Pescatore): There is a lot of political maneuvering going on, pretty much standard operating procedure for an administration change. The major problem is that information security is a very big business and there are major competing interests in government to control budgets - but also in private industry to influence potential spending.
The real bottom line is *no*
government agency is going to ever actually drive protection of the thousands of businesses connected to the Internet any more than any government agency can protect the wired or wireless telephone system
- - or the economy. Thinking there can be a centralized solution to a totally distributed problem is like sending battleships after terrorists. (((Okay, then after ten years maybe we've learned something. So now what?)))
However, there are proven mechanisms for how government and industry can cooperate for the good of the whole. Ten years ago
Presidential Decision Directive 63 laid out what is still the best roadmap for the role government can play in all this - but since it didn't try to create new empires or new pork barrel opportunities it has largely been ignored. (((Oh. I didn't realize that their true name was the "Homeland Empire Pork Barrel Department."
Can we put that on the TSA uniforms, please?)))
(Northcutt): Timing is everything and this comes just after the
Air Force is having second thoughts about their Cyber Command. The
US has not prioritized security and this will probably bite us:
http://blog.wired.com/defense/2008/08/air-force-suspe.html
(((All kinds of extra whoopee right here.)))
http://www.theatlantic.com/doc/200811/airport-security
http://blog.wired.com/defense/2008/10/spies-worry-hac.html#more
