A computer expert's reaction to: The Comprehensive National Cybersecurity Initiative
WEDNESDAY, MARCH 03, 2010
Posted by: Scott McMahan
As a computer expert, here is my reaction...

Initiative #1. Manage the Federal Enterprise Network as a single network
enterprise with Trusted Internet Connections.

Reaction - This is a bad idea. You want decentralized, walled-off
systems which have limited sharing of credentials. If one system is
compromised, and you break through this wall and get behind it as a
trusted user, you have the run of the whole thing. The broader your
trust is, and the more centralized it is, the easier it is to breach the
barrier and be trusted anywhere inside.

Initiative #2. Deploy an intrusion detection system of sensors across
the Federal enterprise.

Reaction - This is a good idea. I'm surprised they don't already do this.

Initiative #3. Pursue deployment of intrusion prevention systems across
the Federal enterprise.

Reaction - "Pursue"? I'd like something a little more definite as a
goal. Nothing wrong with this, it's a good idea. There are tons of open
source tools that would level the playing field, and honeypot research
is always ongoing.

Initiative #4: Coordinate and redirect research and development (R&D)
efforts.

Reaction - Translation: The people behind this want to spend federal money.

Initiative #5. Connect current cyber ops centers to enhance situational
awareness.

Reaction - Translation: The people behind this want to control the turf,
so get ready for turf wars. See #4, where they want money. Money + turf
= power. Hey, at least they're being honest.

Initiative #6. Develop and implement a government-wide cyber
counterintelligence (CI) plan.

Reaction - Good luck with that. Has any government-wide anything ever
come together? At least they're being honest and telling us they want
this government-wide thing with them at the top.

Initiative #7. Increase the security of our classified networks.

Reaction - This is a good idea, but it's so vague it falls under "if you
can't measure it, you can't manage it." Then again, you can hardly blab
about the inherent insecurity of your classified systems, can you?

Initiative #8. Expand cyber education.

Reaction - See #4 - education means these people want to spend federal
money on education grants. These are basically government subsidies of
for-profit education, in this case DeVry, ITT, and Univ. of Phoenix. Do
we really want graduates from these schools running our country's cyber
security, and do we want to pit them against the best black-hat experts
that other countries have to offer?

Initiative #9. Define and develop enduring “leap-ahead” technology,
strategies, and programs.

Reaction - See #8 - our DeVry grads are going to leap ahead of the best
black-hat experts in the world? Really? If the government did what I did
on my home network (on a larger scale) we'd almost end security problems
as we know them. I don't think that's going to happen. A few "cyber
warriors" developing leap-ahead strategies isn't going to stop the
inertia of the other government branches basically emptying their
pockets buying insecure Microsoft operating systems. (I'm certainly not
doing anything special, just following best practices.)

Initiative #10. Define and develop enduring deterrence strategies and
programs.

Reaction - This is a waste of time because the technology world changes
too rapidly. Your "enduring" plan will be obsolete next year.

Initiative #11. Develop a multi-pronged approach for global supply chain
risk management.

Reaction - This is buzzword gibberish. Isn't our "supply chain"
dependent on China, anyway? I bought some crimpers and cable ties at
Harbor Freight recently. Guess where they were made? How long would our
network infrastructure last without China? I doubt I could put a network
together without Made in China tools. Maybe if I bought those new
ridiculously overpriced German tools they got in recently at Lowes.

Initiative #12. Define the Federal role for extending cybersecurity into
critical infrastructure domains.

Reaction - Translation: We want federal control over state and local
power plants, train depots, etc. Decentralized control is much better
for cyber security. If you break into one small area, you can't take the
whole thing out. That's why they dug zigzag trenches in WWI - so if a
bomb landed in one traverse, it wouldn't take the whole trench out. This
sounds like they want to straighten out all the trenches so the
panopticon government can see up and down them with a clear line of sight.
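
The point made in the reactions to #1 and #12, that broad, centralized trust enlarges what a single breach exposes, can be put into numbers with a small model. This is an added example, not part of the original post; the host names, realm names and the trust model itself are assumptions made for illustration.

```python
from collections import deque

def blast_radius(realms_by_host, start):
    """Hosts an intruder can reach after compromising `start`.

    realms_by_host maps host -> set of credential realms it holds and trusts.
    Assumption of this model: owning a host yields every realm it holds, and
    every host in a held realm accepts the intruder as a trusted user.
    """
    hosts_by_realm = {}
    for host, realms in realms_by_host.items():
        for realm in realms:
            hosts_by_realm.setdefault(realm, set()).add(host)

    reached, queue = {start}, deque([start])
    while queue:
        host = queue.popleft()
        for realm in realms_by_host[host]:
            # Set difference builds a new set, so `reached` can grow safely.
            for peer in hosts_by_realm[realm] - reached:
                reached.add(peer)
                queue.append(peer)
    return reached

# Constructed sample: 12 hosts across 4 agencies (all names hypothetical).
AGENCIES = ["a", "b", "c", "d"]
HOSTS = [f"{ag}-host{i}" for ag in AGENCIES for i in range(3)]

# Centralized: every host trusts one enterprise-wide realm.
CENTRALIZED = {h: {"enterprise"} for h in HOSTS}

# Walled off: one realm per agency, no credentials shared between them.
SEGMENTED = {h: {h.split("-")[0]} for h in HOSTS}

# Walled off, except one host also holds credentials for a second agency.
BRIDGED = {h: set(r) for h, r in SEGMENTED.items()}
BRIDGED["a-host0"].add("b")

def summarize(start):
    """Count of reachable hosts per topology for one compromised host."""
    topologies = [("centralized", CENTRALIZED), ("segmented", SEGMENTED),
                  ("bridged", BRIDGED)]
    return {name: len(blast_radius(t, start)) for name, t in topologies}

if __name__ == "__main__":
    for start in ("a-host1", "c-host1"):
        print(start, summarize(start))
```

The bridged case shows why limited sharing of credentials matters as much as the walls: one host holding credentials for two agencies doubles the exposure of both.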

© 2013 SermonAudio.com. All rights reserved. Site Design: Animotion Studios