Cyber Insecurity

Government Inc. has been fretting lately and for the umpteenth time about cyber security. Signs are that it's a lot worse out there than we want to admit.

I was startled by a recent chat in one of the most secure rooms in the universe, where a government official said as an aside that many company computers are so besieged by on-line attacks that executives consider themselves already engaged in a cyber war.

Anyway, I was reminded about all of this by a very interesting blog at Government Computer News. GCN senior writer John Rendleman said this:

"The Defense Department is increasingly concerned that software it procures from contractors is in some cases being written overseas and may include unexpected or harmful lines of code, according to the Pentagon's chief information officer."

I'm working to get my mind around the implications. Out-source code?

For those who missed it, GCN ran this:

"Five years after formation of the Homeland Security Department, cybersecurity is becoming a major focus of the department, Secretary Michael Chertoff said Tuesday at the RSA Security conference."

"'The department has never completely ignored the area,' he said in his remarks during the opening sessions of one of the nation's largest gatherings of security professionals. He cited the National Cyber Security Division and US-CERT, the nation's primary early warning system for cyberthreats. CERT is good, but not sufficient, he said.

"'The time has come to take a quantum leap forward' from CERT's reactive capabilities, he said."

"That leap, Chertoff said, is embodied in the president's joint national security and homeland security directive creating a National Cyber Security Initiative.

"'It is almost like a Manhattan Project to defend cyber networks,' he said, referring to the World War II crash project to develop an atomic weapon."

For what it's worth, I've been hearing about massive efforts to address cyber security gaps for years. The gaps appear only to be getting bigger.

Please show me I'm wrong.

By Robert O'Harrow | April 28, 2008; 5:54 PM ET | computer security



No, sadly, after all this time the 'progress' made in not only the security area but in updating grossly inefficient systems and systems so old they have little security built-in and functionality so old it may as well not be there. Like the home-users who buy an AV package and then never update the signature files - useless.

I read last week about the FBI handing out another expensive contract to another company to again try to streamline their agents' work. The last 'try' at that a couple of years ago failed so badly they abandoned the contract they had already paid millions on!

Raise your hand if you work for a company that would accept that.

The agencies don't have to wait for a contractor to build this or code that or buy new hardware; the security "Best Practices" that every publicly-traded company is required to have in place, and monitor, and review, and audit, would go a long way to cutting down on security breaches. Rule #1 - STOP LEAVING YOUR LAPTOPS LAYING AROUND TO GET STOLEN!

If they made every employee no matter whom, yes even the hand-picked crony agency heads, pay an exorbitant amount of money for a lost laptop I think it would cut down the number of "lost" laptops, some of which I'm certain go "missing" on eBay.

Posted by: LALA | May 1, 2008 2:49 AM



© 2007 The Washington Post Company