Concerned By Cyber Threat, The White House Seeks Big Increase In Funding

HardOCP News

Maybe the age old tactic of throwing money at a problem might work in this case. Who knows? I mean, they've done a bang-up job so far, why not give them more money. :rolleyes: Given the opportunity, how would you guys beef up our nation's cybersecurity?

In his fiscal 2017 budget proposal, Obama asked for $19 billion for cyber security across the U.S. government, an increase of $5 billion over this year. While the White House's overall fiscal plan faces tough going in the Republican-controlled Congress, increased cyber security funding has won bipartisan support of lawmakers in the past. The request comes as the Obama administration has struggled to address the growing risk posed by criminals and nation states in the digital world.
 
cheaper to have a closed network, then you can only get hacked from the inside?
 
The definition of insanity is doing the same thing over and over and expecting a different result.
 
GNU Linux ONLY!

haha!

In all seriousness, it sounds like a total circus. Sounds like for some of the attacks they were owned by using Windows XP machines.
 
or you can simply have things that are "mission critical" to not have any remote access at all.
 
or you can simply have things that are "mission critical" to not have any remote access at all.

But then how would we remotely monitor the power stations to make sure that terrorists are remotely destroying our power stations.....think sir!!!
 
That being said, there is a ton...TON....of money being poured into cyber security. Whether you believe in its merit or not, there is money to be made.
 
Maybe the age old tactic of throwing money at a problem Given the opportunity, how would you guys beef up our nation's cybersecurity?

The same way major league baseball does, by headhunting as much talent as possible to languish on farm teams. I'd imagine there are a lot of Russian, Korean, and Chinese hackers that would give up espionage for some easy living and not fearing for your life.
 
Well, one tintsy wintsy issue is the sheer size of the government. It's freaking huge :eek:

Of course any organization of that size is going to have some issues. Add to that the idea that the government has been on a huge "leverage the internet to save money" kick, not that any money is really being saved. They just find different places to spend it.

But really, if the Federal Government wasn't so massive then its problems wouldn't be so many. I'm just thinking maybe ..... :D
 
The same way major league baseball does, by headhunting as much talent as possible to languish on farm teams. I'd imagine there are a lot of Russian, Korean, and Chinese hackers that would give up espionage for some easy living and not fearing for your life.

You lost me there, not sure what you are trying to say.
 
or you can simply have things that are "mission critical" to not have any remote access at all.

Problem here is "mission critical" is many different things to many different parts of the government. What's mission critical for the CDC is not what's mission critical for the FAA or the BLM.

Another issue is that some of the most damaging hacks had nothing to do with mission critical, instead it has been disclosures of basic personnel records data. The HR department turned out to be a much greater risk than people would have thought several years ago.

In my mind, if you cut down on how many things the Feds are into, maybe pass some responsibilities back to the States, at least you decentralize some of this massive data collection and limit the scope of the risk in some meaningful way.

What about the IRS, find a way to greatly simplify and track IRS reporting and how the payments are calculated, tracked, etc, and even if it's not perfect at least the IRS doesn't have to collect and maintain so much in records data nor allow so many to have access or have so much to manage. If the IT burden is simplified then you reduce risks because the footprint is smaller.

Take the old Flat Tax idea, not that this is the only way, but as an example. If you greatly simplify the Tax system then there is just less work involved on everyone's part when it comes to Taxes. So now there is less support stuff you have to host on the IT side for all the tax preparers, and tax lawyers, and tax collectors, and you get the picture.
 
You lost me there, not sure what you are trying to say.

He's equating it to the same as the MLB as in teams scour the world for the best players and dump them into the farm system. All other leagues worldwide are inferior for this reason and there is a huge talent pool to draw from if there were a need - plus it keeps talent in the MLB and not in the Korean, Japanese or South American leagues.
 
I thought that they needed back doors in everything because only terrorists needed security.
 
Step 1: Hire qualified Network Engineers (means pay competitive salaries) and give them total control of Infrastructure design. General Fiddlesticks doesn't like not having remote access... tough fiddlesticks.

Step 2: Upgrade client and server OS's. You would be amazed at how many NT 4, 2003, Netware boxes are in operation of core systems. Again, Admiral Twinkletoes or Director Diddlymunch have software that needs that or fears the new OS is unsecure... tough hohos.

Step 3. Isolate isolate isolate. A lot of this is as much of a software development issue as it is a network one. You issue the Bezos ultimatum of everything is a service and those that can't adapt are fired.

Step 4. Realize nothing is secure and actively look for vulnerabilities. Offer bonuses to anyone that can expose a vulnerability and set up an independent department to oversee this, allowing people to submit bugs and vulnerabilities with the option of being completely nameless.

All of this could be done without a budget increase, hell renegotiating a few contracts would probably allow everyone to get a 20K salary increase.
 
Step 1: Hire qualified Network Engineers (means pay competitive salaries) and give them total control of Infrastructure design. General Fiddlesticks doesn't like not having remote access... tough fiddlesticks.

Step 2: Upgrade client and server OS's. You would be amazed at how many NT 4, 2003, Netware boxes are in operation of core systems. Again, Admiral Twinkletoes or Director Diddlymunch have software that needs that or fears the new OS is unsecure... tough hohos.

Step 3. Isolate isolate isolate. A lot of this is as much of a software development issue as it is a network one. You issue the Bezos ultimatum of everything is a service and those that can't adapt are fired.

Step 4. Realize nothing is secure and actively look for vulnerabilities. Offer bonuses to anyone that can expose a vulnerability and set up an independent department to oversee this, allowing people to submit bugs and vulnerabilities with the option of being completely nameless.

All of this could be done without a budget increase, hell renegotiating a few contracts would probably allow everyone to get a 20K salary increase.

Although this is loosely accurate in some ways, it's not going to work this way cause the tail doesn't wag the dog in the Army. IT must empower the command and not the other way around. So when General Fiddlesticks wants remote access we as IT people must figure out how to give it to him with the least risk possible while ensuring that he is aware of what that risk is and will accept it.

A system on the network that is old and unsecure but performs an important function with no suitable replacement will remain on the network until it can be replaced or becomes otherwise obsolete. The IT people have to figure out how to keep that system up, running, and doing what it is there to do and minimize the risk associated with its use while ensuring that leadership is aware and accepts that risk. It's called risk management for a reason.

Not everything you are saying is wrong and some of it is worthwhile. Particularly for the majority of the government, but General Fiddlesticks and Admiral Twinkletoes are not part of that majority of government, and besides, their networks are mostly not the way you are suggesting, and you would know this if you had gone through the accreditation process for a network as I am now preparing for.
 
Take the old Flat Tax idea, not that this is the only way, but as an example. If you greatly simplify the Tax system then there is just less work involved on everyone's part when it comes to Taxes. So now there is less support stuff you have to host on the IT side for all the tax preparers, and tax lawyers, and tax collectors, and you get the picture.

Even better, get rid of the income tax and switch to a sales tax.
Have the sales tax collected by the states and then forwarded to the federal government.
No need to file income tax (or hide income). Even drug dealers would be paying taxes when they buy that flashy new car, or their indoor farming equipment.
Exempt food and housing (renting or buying a primary residence) from the taxes, as that is the biggest expense for the poor/lower middle class.

This would remove a huge amount of power out of Washington's hands.
 
Even better, get rid of the income tax and switch to a sales tax.
Have the sales tax collected by the states and then forwarded to the federal government.
No need to file income tax (or hide income). Even drug dealers would be paying taxes when they buy that flashy new car, or their indoor farming equipment.
Exempt food and housing (renting or buying a primary residence) from the taxes, as that is the biggest expense for the poor/lower middle class.

This would remove a huge amount of power out of Washington's hands.

Agreed. But not really related to the problem of network security.

The problem is Windows is so popular. It's on a majority of computers worldwide, so all the hackers know how to write a virus for it. The older and more widespread an OS is, the more holes that have been found.

I think a fresh custom made OS (probably based off of Linux, maybe OSX or Android) for government users only. Having a custom "minority" OS out there, with secret source code & SDK, might make their networks more secure.

Make it LOOK like Windows XP for the ancient folks, but actually just a skin for user friendliness.
 
What? Cyber Security? Don't like people breaking into your stuff eh? Well maybe you shouldn't be buying locks from a lock maker that is a known thief.
 
But then how would we remotely monitor the power stations to make sure that terrorists are remotely destroying our power stations.....think sir!!!

There have been many more power stations taken down by squirrels than by terrorists.
 
Indict Hillary or shut the fuck up.

Exactly. You want better security? Start by holding people accountable for their actions. And then you have all the subcontractors that you give access to secret information because it is easy. Sacrificing security for ease of use, that is what security always boils down to.
 
I have a relative that works in government contracting.

The contractor she works for was mandated to have at least x% of the infrastructure "in the cloud". Why? Couldn't give a reason. Purposeful security holes? Top-Brass believing stupid buzzwords? Top-Brass not understanding modern technology? I dunno. The particular contract they're working on has been in the project planning stage for 3 years and they don't even have the requirements of the project settled. And they're just one of several contractors trying to win the project. And that's just one of hundreds of projects.

The inefficiency of the federal government, at every level, is asinine.
 
1. stop using Windows-based computers.
2. hire the hackers to secure your networks.
3. ???
4. profit!

:D
 
As somebody who's been a defense contractor for ~10 years, and worked in network engineering, security, and now designing, selling, and integrating security for the gov.mil.. there's not a single comment here that I don't 100% agree with. Especially the Hillary one, omg. If I'd done that, I'd be bankrupt and blackballed, but she's a PRESIDENTIAL candidate?

Anyway. The same problem in my opinion with the gov in general is the same reason they're openassed with security: they're run like a government and not a company. If anybody posting here had our system completely turned out publicly, revealing what they revealed, there'd be more heads rolling than the Spanish Inquisition. I've seen offices where employees don't churn out 120 minutes of productivity in a month. Everybody from that employee to their manager knows, and nobody cares. That shouldn't exist. If it were even possible to get fired without requiring divine intervention, perhaps the best would work their way to the top, instead of the unflushable turds. You can't expect much security, sworn in or not, when employees simply don't give a shit. There was a joke in one office I worked in 10 years ago, that if you never wanted to work, you just say "I don't know." Because you could only get fired for breaking something, but you were safe if you never did anything at all - and it wasn't funny because it was a joke, it was funny because it was true.

No amount of funding or tools is going to fix the issue by itself. It's going to take Konan the IT Director just ransacking everything and creating fundamental cultural changes. And that's something a company would do, not a government.
 
just saw there's 2 pages.. so I don't agree with the whole "problem is windows is old." that's just silly. in fact the argument could be made that would make it MORE secure. you're simply sliding the problem closer to a zero day running through EVERYTHING and farther away from competent admins having patched the older shit.

cheaper to have a closed network, then you can only get hacked from the inside?

most agencies do. all tiers of classification have their own network, and each is treated as alien as the next security tier below it. for example "secret" isn't supposed to touch (physically or logically.. barring some cases of inline crypto) unclassified, "top secret" can't touch secret, NSA can't touch TS, etc etc etc.

problem is that all of these hacks that are happening that you actually hear about are on the unclassified networks. when i was still an engineer, the unclass network was a nightmare for security. you have guys who joined the army because it was that or work a local gloryhole, and now he's a security problem. no use of obfuscation with new OS's or security tools will fix that.
 