The political blogosphere is abuzz over rumors that the White House may issue an Executive Order aimed at improving the security of information held on government computer networks. Some are fulminating against the alleged proposal, perceiving it as part of an ongoing attempt to stymie WikiLeaks-style exposés of embarrassing documents.
The Anti-War blog insists that WikiLeaks was a useful experiment in showing just how much of the classified data emanating from government every year can be made public without any tangible damage to safety and security. In a general pile-in on the Democratic Underground's message boards, this makes Obama "Bush III" or worse. The Noisecast points out, perhaps more aptly, that WikiLeaks did serve the purpose of showing just how unprotected the nation's proposed secrets are.
In fact, the blog which broke the story, Secrecy News, describes an order which would go rather wider than WikiLeaks, and might even address some much-needed vulnerabilities. According to, well, a leak, "the order addresses gaps in policy for information systems security, including characterization and detection of the insider threat to information security. It does not define new security standards, nor does it impose the security practices of intelligence agencies on other agencies... Rather, the order establishes new mechanisms for 'governance' and continuing development of security policies for information systems."
Admittedly, we've yet to see confirmation that this order, supposedly fast-tracked over the last few months, exists. But does it seem such a bad idea?
In addition to the WikiLeaks episode, this year has seen the prankster hacking of Pentagon-associated military contractors Booz Allen Hamilton and a just-for-laughs intrusion on Senate databases. Much more worrying than the exploits of teenage masterminds, many have been quick to blame China for the lengthy and belatedly discovered trawl through government and defense databases known as "Operation Shady RAT."
My simple point is that the current situation suggests that the cyberdoors are standing wide open to much more threatening characters and hostile enemies than Julian Assange.
The insider threat clearly needs to be treated as seriously as hacking exploits. Gaps in information security policy do need to be closed. What is needed, above all, of course, is concrete progress on systems security, including the key and apparently intractable issue of authentication.
Fast-tracking an Executive Order is all very well, but fast-tracking NSTIC would seem to be a prerequisite for conclusive action. As long as the networks hosting the nation's digital infrastructure and security systems can't distinguish between good and bad actors, it remains endangered: a predicament which is likely to be exacerbated when the networks migrate to the cloud, with what the NIST described as its "large attack service."
Tweaking the policies which control insider access to sensitive networks is probably a good idea. Ultimately, it's technological fixes we need, however, not well-intentioned government wish-lists.
LOL!! I think it would be awesome if the government went out and hired a well known security guru to run this project.
Right now I'm thinking Richard Bejtlich or someone of that stature that has government and private sector experiance. They need to give new blood to these programs and hiring outside might help.
Surface, I think. You isolated one of the real problems, authentication. However, the intractable problem is people, not systems. Understanding the personal and political movitations of individuals is the big hole in any system, and government data is more susceptible to political risk factors than other type. Background checks are a good start, but don't close the door. Insiders who know the systems will always find ways to get around security. That said, the PR value of an executive order may have political value.
I find it very funny that the protection about plugging leaks was leaked. I'm very interested in what they'll be doing to protect their data? Policy and procedure is one thing, but they're going to have to back this up with some type of proactive technology like DLP.
WikiLeaks will be a great selling point when the exec order is finalized. I think many feel that even though there is "no measurable harm to any individuals in the U.S. government" or "any damage to the safety and security of Americans as a whole," there has been in an unmeasurable way. And even if the Wikileaks leak only served to show the vulnerability of govt docs and secrets then good, it worked. Now the govt is going to try and improve network security. The PR alone is probably needed to counter the public's lack of faith in govt network security.
Without knowing what will actually materialize here, it's tough to offer a strong opinion; but I can say that if the government was not looking to close holes, I'd be more worried. I think the government mishandled much of what went on with WikiLeaks itself, but that's a separate issue from the fact that it should be taking measures to secure our sensitive data.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
When David E. Sanger of The New York Times broke the news that the United States was responsible for the Stuxnet malware exploit against Iran's nuclear program, Senator John McCain accused the administration of deliberately leaking the story to enhance President Obama's national security record.
The Gamma Group's business of supplying surveillance technology exclusively for use by government agencies may be legitimate. But not when it poses as the popular, free, open-source web browser Firefox.
Yesterday's hack of the official Associated Press Twitter feed demonstrated the enormous risk attached to the platform's lazy, single factor approach to security.
Cybercriminals don't hesitate when they see an opportunity to spread malware. Not even when it means exploiting as horrific an event as the Boston Marathon bombing.
US counterterrorism expert Richard Clarke, who came to prominence with his prescient warnings before the 9/11 attacks, tells Smithsonian Magazine the US was responsible for the Stuxnet supersmart worm that attacked parts of nuclear reactors in Iran – and in the process, has given away one of the world's most sophisticated cyberweapons.
Sean Smith, a US Foreign Service IT manager, gave his life in service of his country and the world. His life and death are a humbling example for all of us who work in IT.
Jane Williams, technology training manager for Multnomah County, says the ability to share resources is just one of the coming benefits of moving the county's intranet to a Drupal Commons platform hosted in the cloud.
Law enforcement agencies are poised to use iPhones as facial recognition systems in the coming months. The technical advance promises efficiency but has created a backlash among civil liberties proponents.
Is China a threat because it censors US sites, or could it be that the country might have an economic formula that will out-innovate us on the Internet that we invented?
Cyber Warfare may be the next frontier for tactical hacking. It has already reared its head in Estonia, Russia, and Georgia, and some say it has been used by North Korea, China, and other world powers. The implications and the potential are both fascinating and scary.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The automotive website uses propensity modeling to target ads and customer registration forms, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Subsidized handsets, rather than locked handsets, should be the focus of regulators. We're not getting good deals, not fostering innovation, and weakening our power as buyers.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
Email This
