Perfect Citizen? Scary name, but probably a good idea…
So have you heard of Perfect Citizen? It’s a relatively creepy sounding program whereby the NSA (and apparently the DoD?) would use federal resources to monitor and track private-sector threats and (also using federal resources) respond if need bo. I’m assuming they’re only looking at critical infrastructure (Utilities, FS, Healthcare, Telecom). The name is pretty scary...
Read MoreDHS says, “We don’t need no stinking warrants”
Man, check out that album cover. That really takes me back. I never really loved the Warrant, I have to say – with the possible exception of “Cherry Pie” – although that probably has something to do with the fact that it featured guest C.C. Deville () on guitar. Good times, good times. Anyway, misty water-colored eighties power metal moment over; on the purpose at hand....
Read MoreTSA: it wouldn’t be so bad if there were a point
So, the other day I was going from Seattle to Manchester. And believe me, it was one hell of a trip… The day was kicked off by finding out that SeaTac had no power in Terminal A, and ended 20 hours later (finally) in New Hampshire where I found out that the TSA had searched my luggage. Now, I don’t know about you, but in past when people have searched my belongings, they...
Read MoreAirport Security: How to make life suck and have people love you for it.
OK, so remember when we were talking about behavioral screeners at airports? Well, apparently they’ve decided to expand that program; check it out: But security officials here are so impressed with behavior pattern recognition techniques – which they say can distinguish a nervous traveler from a dangerous one – that they say they plan to expand their use more widely in Miami...
Read MoreAirplane Hijinx
So, worth reading for the humor is the AxisofLogic take on airport security. I’m glad I’m dieting, since according to them, the “stripper-o-matic” nudity cam could be coming to an airport nearby.
Read More“Behavior Screeners”. Sure.
Are you kidding me? In case you didn’t see last week’s NYTimes article, Faces, Too, Are Searched at U.S. Airports, I highly advise you to check it out. Now, normally I don’t blog about the jackassery that goes on in airports – after all, most security experts that I talk to are all in agreement that the airline security measures are bogus, but this one is over the top! ...
Read MoreDHS continues to not get it done
Remember back in October when we wrote about how the DHS wasn’t getting it done in terms of critical infrastructure protection? Well, the other day GCN put out an article about Andy Purdy’s discussion at the 2006 International Conference on Network Security where he indicated that… well, things still aren’t getting done. He indicated that there’s a lack of...
Read MoreDHS Flunks Yet Again
Once again, the DHS has brought home their cybersecurity report card, and for the third straight year they’ve flunked across the board. The government reform committee, in this year’s FISMA report card once again deemed that DHS maintains a security posture that is “unacceptably low.” Said chairman Tom Davis, DHS must have its house in order and should become a security...
Read MoreGovernment Roundup
It’s been quite a week for government information security. For the fellow connoisseurs of human folly, here’s the recap. First and foremost, the NSA’s website was down for reasons unspecified. Since officials at the NSA would not comment on whether or not it was the work of attackers, we’re left to assume that it probably was. Next, the GSA has shut down a web page used...
Read MoreNo DHS Left Behind?
According to CNET, the DHS takes another one on the head. This time, it’s from former members of the 9/11 commission who say, ” The federal government is not making enough progress in protecting critical infrastructures… Progress also is lacking in airline security and providing radio spectrum to first responders…” Sweet. It’s in “report card”...
Read MoreScott Borg Newly Appointed DHS “Debbie Downer”
The cyber attacks of recent years have been relatively unsophisticated and inexpensive compared to the potential of organized attacks… Organized attacks by teams of hackers… could have a huge impact on a nation’s economy… We will probably see terrorist groups, criminal organizations putting together combinations of talent… Wow. Does anybody have a straight razor or...
Read MoreFestive Week for the DHS
Last week marked the release of the preliminary NIPP (National Infrastructure Protection Plan) from the DHS; all 175 vague pages of it. It also marked the release of an audit of FEMA’s database security, basically telling us what we already know – that FEMA’s database security is in line with the rest of IT security in the DHS (i.e. minimal and poorly implemented.) Never being...
Read MoreDHS Fails Yet Again
There’s a new report about DHS security out there – this time from the inspector general. In case you haven’t been keeping up, the DHS has been slammed by the GAO, congress, and just about everyone else. My favorite...
Read MoreQuick followup to DHS post
I just noticed that Adam posted a cool, but different, Onion reference as well. Be sure to check that one out also.
Read MoreNew DHS Security Initiative
In a humorous take on the current security climate in this country, The Onion reports that trick-or-treaters this year will be subject to random bag searches by the DHS. “Individuals concealing their identities through clever disguise, and under cover of night, may attempt to use the unspecified threat of ‘tricks’ to extort ‘treats’ from unsuspecting...
Read MoreDHS to Vendors: “Build Security In”
Originally, I sat down to write this entry with the plan to make fun of the new DHS BuildSecurityIn site. But I’m not going to, because it’s actually pretty good. Here’s the background: the DHS has partnered with Carnegie Melon to provide a software security portal. Those of you that read this blog know that I’ve been pretty critical about the DHS – particularly...
Read MorePurdy big words from the DHS
According to Andy Purdy, the DHS is ready to “git ‘er done” in terms of ramping up the nation’s cybersecurity posture. From PC World: ‘A draft of a national infrastructure vulnerability assessment, including a cybersecurity assessment, should be completed within a couple of months, and the DHS Internet Disruption Working Group is working on a plan for Internet...
Read MoreDHS Announces “Top Priority” (and it’s not what you think it is)
So, the DHS (via the FBI) announced that cracking down on obscenity on the Internet will be “one of the top priorities” going forward. To tackle this top-priority initiative, they’ve got a dumptruck full of funding, at least 10 headcount, and a mandate from the top. That’s right, you heard it here – on the top of the DHS priority list is… porno. Just to be...
Read MoreDHS continues to live up to my expectations
According to DHS CTO Lee “trying not to be a scapegoat” Holcomb, the DHS stinks on ice. Alright, he didn’t actually say “stinks on ice”, but he did say what we all already know in a shameless “don’t crucify me” dance more embarrassing than Ashley Simpson’s lip-synch jig on Saturday Night Live. He said specifically: - “…we are not...
Read MoreDHS: why initiative isn’t enough
A colleague of mine, transplanted from Venzuela, told me once about a saying of his homeland: loosely translated, it states, “there’s nothing more dangerous than an idiot with initiative.” Nothing exemplifies the truthfulness of this saying than the fact that one of the most esteemed security researchers of our time was denied entry to the US to present her...
Read MoreMaybe DHS Should Empty Their Own Hamper
Ever quick to “throw the first stone”, the DHS (Department of Homeland Security) has gone on record to chastise the private sector for lax security. Am I alone in thinking WTF here? I mean, really. The DHS got slammed by the GAO for achieving “no significant results” in any of their 13 main duties; they achieved “failing results” for protection of their own...
Read MoreAnother Victory for DHS
Ah yes, what an impact 911 made on how our borders are protected. Take, for example, the almost machine-like efficiency with which alleged multiple-murderer Gregory Despres was snatched by authorities. Sarcasm aside, is this what we’ve given up our civil liberties for? Give me a break. Patriot act? Where’s the “don’t let the guy with an arsenal and a sack of human...
Read MoreDHS Progress in a Word: “Unacceptable”
Everybody knows someone who’s been stopped in an airport for carrying something that DHS perceives as the next airplane hijacker weapon of choice; such obviously deadly implements like toothpicks, nail clippers, bic lighters, or matches. And really, think about the damage that a terrorist could do to the human body with nail clippers… creepy. Anyway, by now, most of us have likely...
Read MoreEven the US Gov’t has trouble with Risk Assessment
Federal Computer Week reports that “The nation isn’t doing a good job of assessing its vulnerabilities to terrorist attacks”. The article goes on to say, “Witness after witness stressed that no one knows how much money is needed for homeland security because nobody – federal, state, and local officials – has identified minimum standards for...
Read MoreNCSD Still Looking for a Head">NCSD Still Looking for a Head
The recently created NCSD (National Cyber Security Division) is still without a leader. Consider Dennis Fisher’s wry qualifications for the job, “The candidate must be willing to work long hours, be comfortable with getting no credit for his or her successes and take a public thrashing for the smallest failures. And do it all on a limited budget while trying to get personnel from a...
Read MoreA step forward or a step down? The National Cyber Security Division
On Friday, the DHS (Department of Homeland Security), introduced the National Cyber Security Division (NCSD) to “combat cyberthreats.” The announcement sounds good, but there are some doubts about its effectiveness. The former “Cybersecurity Czar”, Richard Clarke, reported directly the Bush. While the Cybersecurity Director of this new division, the position remains...
Read MoreA Rose by any other Name
eWeek reports -”The Pentagon’s research arm, in a report released Tuesday, changed the name of its mammoth electronic surveillance project following public outcry, but concerns that the project will unnecessarily invade privacy without necessarily improving national security remain strong.” TIA used to stand for Total Information Awareness and now is Terrorism Information...
Read MoreTuesday September 7, 2010
Diana Kelley's profile