DHS Giving Firms Free Penetration Tests

HardOCP News

The Department of Homeland Security has a new program called the National Cybersecurity Assessment and Technical Services that will test your computer and network defenses against real-world attacks for free. The DHS' Risk and Vulnerability Assessment service tests everything from databases to operating systems and even social engineering as well.

The U.S. Department of Homeland Security (DHS) has been quietly launching stealthy cyber attacks against a range of private U.S. companies — mostly banks and energy firms. These digital intrusion attempts, commissioned in advance by the private sector targets themselves, are part of a little-known program at DHS designed to help “critical infrastructure” companies shore up their computer and network defenses against real-world adversaries.
 
These are probably 100% legit with no ill gains by the DHS. But, with the push for encryption keys, information on customers, etc., it's hard to trust them.

We do need to beef up security in networks and computers, though. In a new war, you could cripple a country by taking out their computers - banks, stock market, manufacturing, power, water.... It does need a lot of attention, and I'm glad the DHS is stepping in to help. Just hard to put a lot of trust into them.
 
I am not a big fan of the government offering services for free as it violates the rules of a capitalistic society and makes it hard or impossible for private companies to compete. Although I can see the value of this service I would prefer that it be mandatory for companies to perform (a tax) or handled through subsidies to private companies for a free offering as those are more capitalistic in nature.
 
making a list... checking it twice.

it's a trap.

Any company that has anything to do with "critical infrastructure" should already be doing their own penetration testing.
 
I'm wondering if DHS is doing the pen testing or was it outsourced to a REAL company.
 
It appears innocent on the surface, but history would testify that the government is always trying to find new ways to fuck us in the end.
 
Though I should add that with all the info the Chinese have hacked out of American firms, it is in the Country's best interests as a whole to ensure that corporate data isn't guarded by limp security practices and procedures.
 
Title of the week: check
Title of the year: very possible

Great job as usual Steve! :cool:
 
Do they leave a backdoor for followups?

They typically go through the backdoor to test penetration and make sure your system is tight. What a bunch of dicks if they did leave the backdoor wide open.
 
These are probably 100% legit with no ill gains by the DHS. But, with the push for encryption keys, information on customers, etc., it's hard to trust them.

We do need to beef up security in networks and computers, though. In a new war, you could cripple a country by taking out their computers - banks, stock market, manufacturing, power, water.... It does need a lot of attention, and I'm glad the DHS is stepping in to help. Just hard to put a lot of trust into them.

Yeah. Bend over for the Penetration Test LOL
 
The real "threat" to DHS is law-abiding real Americans.

Homeland Security is not about protecting you from terrorists. It's all about protecting the entrenched sold-out treasonous scum in "government" from YOU.
 
Get into a Government job. Government pays for crimes better with a license to steal, kill, and immunity from prosecution.
 
I would just be careful, typically in these situations you get what you pay for. I think it’s great that there’s a free option for companies but it does make me a little wary.
 
Is this service free to all, or just to companies considered critical to infrastructure?

Under the SAFETY ACT and the newest Cyber Security Bill, all businesses can sign up under the SAFETY ACT and agree to scans etc and receive immunity from civil lawsuits in the case of a breach and data loss. Also, you agree to share information related to a breach if you get hacked. At the same time, you can't be sued by your customers if you share their information with the Feds as long as the data was related to the breach.

Personally I don't like this at all. I think it gives business too much protection and fails to encourage developers to fix security flaws in their products when the government is providing a great big security blanket for business to cuddle up under. Where is the pressure to fix things from business/service providers when they are all protected from civil redress?
 
What the government should have done is strengthened individual rights to seek redress, and add federal fines when justified, so that business is under the gun to strengthen how they protect data and therefore drive developers to do better product testing and develop safer online practices.

But that's just the opinion of a lowly government shill :D
 