DHS Giving Firms Free Penetration Tests

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
The Department of Homeland Security has a new program called the National Cybersecurity Assessment and Technical Services that will test your computer and network defenses against real-world attacks for free. The DHS' Risk and Vulnerability Assessment service tests everything from databases to operating systems, and even social engineering.

The U.S. Department of Homeland Security (DHS) has been quietly launching stealthy cyber attacks against a range of private U.S. companies — mostly banks and energy firms. These digital intrusion attempts, commissioned in advance by the private sector targets themselves, are part of a little-known program at DHS designed to help “critical infrastructure” companies shore up their computer and network defenses against real-world adversaries.
 

Ur_Mom

Fully [H]
Joined
May 15, 2006
Messages
20,554
These are probably 100% legit with no ill gains by the DHS. But, with the push for encryption keys, information on customers, etc., it's hard to trust them.

We do need to beef up security in networks and computers, though. In a new war, you could cripple a country by taking out their computers - banks, stock market, manufacturing, power, water.... It does need a lot of attention, and I'm glad the DHS is stepping in to help. Just hard to put a lot of trust into them.
 

kbrickley

Supreme [H]ardness
Joined
May 13, 2012
Messages
7,514
I am not a big fan of the government offering services for free as it violates the rules of a capitalistic society and makes it hard or impossible for private companies to compete. Although I can see the value of this service I would prefer that it be mandatory for companies to perform (a tax) or handled through subsidies to private companies for a free offering as those are more capitalistic in nature.
 

magnetik

Moderator
Staff member
Joined
Jun 6, 2000
Messages
5,885
making a list... checking it twice.

it's a trap.

Any company that has anything to do with "critical infrastructure" should already be doing their own penetration testing.
 

amddragonpc

[H]ard|Gawd
Joined
Sep 20, 2012
Messages
1,996
I'm wondering if DHS is doing the pen testing or was it outsourced to a REAL company.
 

potency

Gawd
Joined
Dec 1, 2010
Messages
848
It appears innocent on the surface, but history would testify that the government is always trying to find new ways to fuck us in the end.
 

potency

Gawd
Joined
Dec 1, 2010
Messages
848
Though I should add that with all the info the Chinese have hacked out of American firms, it is in the Country's best interests as a whole to ensure that corporate data isn't guarded by limp security practices and procedures.
 

ir0nw0lf

Supreme [H]ardness
Joined
Feb 7, 2003
Messages
6,403
Title of the week: check
Title of the year: very possible

Great job as usual Steve! :cool:
 

Ur_Mom

Fully [H]
Joined
May 15, 2006
Messages
20,554
Do they leave a backdoor for followups?

They typically go through the backdoor to test penetration and make sure your system is tight. What a bunch of dicks if they did leave the backdoor wide open.
 

TechLarry

Can't find the G Spot
Joined
Aug 9, 2005
Messages
30,428
These are probably 100% legit with no ill gains by the DHS. But, with the push for encryption keys, information on customers, etc., it's hard to trust them.

We do need to beef up security in networks and computers, though. In a new war, you could cripple a country by taking out their computers - banks, stock market, manufacturing, power, water.... It does need a lot of attention, and I'm glad the DHS is stepping in to help. Just hard to put a lot of trust into them.

Yeah. Bend over for the Penetration Test LOL
 

sliverjazz

Gawd
Joined
Jun 9, 2004
Messages
747
The real "threat" to DHS is law-abiding real Americans.

Homeland Security is not about protecting you from terrorists. It's all about protecting the entrenched sold-out treasonous scum in "government" from YOU.
 

sliverjazz

Gawd
Joined
Jun 9, 2004
Messages
747
Get into a Government job. Government pays for crimes better with a license to steal, kill, and immunity from prosecution.
 
Joined
Aug 25, 2015
Messages
3
I would just be careful, typically in these situations you get what you pay for. I think it’s great that there’s a free option for companies but it does make me a little wary.
 

lcpiper

[H]F Junkie
Joined
Jul 16, 2008
Messages
10,611
Is this service free to all, or just to companies considered critical to infrastructure?

Under the SAFETY ACT and the newest Cyber Security Bill, all businesses can sign up under the SAFETY ACT and agree to scans, etc., and receive immunity from civil lawsuits in the case of a breach and data loss. Also, you agree to share information related to a breach if you get hacked. At the same time, you can't be sued by your customers if you share their information with the Feds as long as the data was related to the breach.

Personally I don't like this at all. I think it gives business too much protection and fails to encourage developers to fix security flaws in their products when the government is providing a great big security blanket for business to cuddle up under. Where is the pressure to fix things from business/service providers when they are all protected from civil redress?
 

lcpiper

[H]F Junkie
Joined
Jul 16, 2008
Messages
10,611
What the government should have done is strengthened individual rights to seek redress, and add federal fines when justified, so that business is under the gun to strengthen how they protect data and therefore drive developers to do better product testing and develop safer online practices.

But that's just the opinion of a lowly government shill :D
 