Comments on: In Wake of Pentagon Breach, Obama Calls for New Military Cyber Security Command http://itacidentityblog.com/in-wake-of-pentagon-breach-obama-calls-for-new-military-cyber-security-command Wed, 18 Aug 2010 01:52:36 -0400 http://wordpress.org/?v=2.8.4 hourly 1 By: John Ryan http://itacidentityblog.com/in-wake-of-pentagon-breach-obama-calls-for-new-military-cyber-security-command/comment-page-1#comment-180 John Ryan Sun, 26 Apr 2009 14:50:03 +0000 http://itacidentityblog.com/?p=249#comment-180 Considering that obtaining a job protecting this country's infrastructure requires a security clearance and no contractor is willing to hire personnel without said clearance, we are stuck with a very limited talent pool. I also believe that talent pool does not contain the best people. Until the process for obtaining clearance is streamlined along with the costs and risks assumed by the contractors, Military and Government infrastructure will always be vulnerable. And the least informed people will be making the policy decisions. Scott - The pay for Fed employees in this field is much better than 30k. Considering that obtaining a job protecting this country’s infrastructure requires a security clearance and no contractor is willing to hire personnel without said clearance, we are stuck with a very limited talent pool. I also believe that talent pool does not contain the best people.
Until the process for obtaining clearance is streamlined along with the costs and risks assumed by the contractors, Military and Government infrastructure will always be vulnerable. And the least informed people will be making the policy decisions.

Scott – The pay for Fed employees in this field is much better than 30k.

]]> By: EJH http://itacidentityblog.com/in-wake-of-pentagon-breach-obama-calls-for-new-military-cyber-security-command/comment-page-1#comment-157 EJH Sat, 25 Apr 2009 05:27:28 +0000 http://itacidentityblog.com/?p=249#comment-157 The problem is those in charge do not understand how attacks are carried out and thus do not know have the expertise to see through the BS of those claiming they are securing the systems. Mr. Sattler is correct that no good infosec guy is going jump at this opportunity but if the government is serious then they need to take 10 percent of what they lost and spend that on a new InfoSec program. Having investigated these types of intrusions I can assure you this began with a social engineering attack then blossomed. We play little attention to these attacks because it does not seem to impact the public on a home level. Only when someone feels the impact and suffers the consequences do they start to scream. I consulted with a Fortune 50 company and explained the need for cyber security and the CEO balked sayign he and the company had enough in place. I then provided him with his childrens names, the schools they went to, the fact one had a broken vertebrae and the fact that he used a variation of their names to id new company projects. All information available if you knew where to look. Finally, the need for security hit home and the cost was well worth it. Security is always on the back burner until you get burned. Corporations take this approach and the government takes this approach. Just as we need that soldier standing post day and night to protect our freedom, we need cyber security doing the same thing. When the government is truly serious about Cyber Security I will be the first to rejoin the public sector but by then there will be no secrets left to protect The problem is those in charge do not understand how attacks are carried out and thus do not know have the expertise to see through the BS of those claiming they are securing the systems.

Mr. Sattler is correct that no good infosec guy is going jump at this opportunity but if the government is serious then they need to take 10 percent of what they lost and spend that on a new InfoSec program.

Having investigated these types of intrusions I can assure you this began with a social engineering attack then blossomed. We play little attention to these attacks because it does not seem to impact the public on a home level. Only when someone feels the impact and suffers the consequences do they start to scream.

I consulted with a Fortune 50 company and explained the need for cyber security and the CEO balked sayign he and the company had enough in place. I then provided him with his childrens names, the schools they went to, the fact one had a broken vertebrae and the fact that he used a variation of their names to id new company projects. All information available if you knew where to look. Finally, the need for security hit home and the cost was well worth it.

Security is always on the back burner until you get burned. Corporations take this approach and the government takes this approach.

Just as we need that soldier standing post day and night to protect our freedom, we need cyber security doing the same thing.

When the government is truly serious about Cyber Security I will be the first to rejoin the public sector but by then there will be no secrets left to protect

]]> By: Scott Sattler http://itacidentityblog.com/in-wake-of-pentagon-breach-obama-calls-for-new-military-cyber-security-command/comment-page-1#comment-123 Scott Sattler Thu, 23 Apr 2009 14:45:59 +0000 http://itacidentityblog.com/?p=249#comment-123 Get real, your not going to take a good infosec guy making 100-180k and have him join the military for 30k a year and then have to deal with idiotic dureaucracy and politics of the military? Your going to get the big defense contractors filling the positions with bottom of the barrel Infosec persons to meet the contract budget requirement, not the mission requirement. Get real, your not going to take a good infosec guy making 100-180k and have him join the military for 30k a year and then have to deal with idiotic dureaucracy and politics of the military?

Your going to get the big defense contractors filling the positions with bottom of the barrel Infosec persons to meet the contract budget requirement, not the mission requirement.

]]> By: David Land http://itacidentityblog.com/in-wake-of-pentagon-breach-obama-calls-for-new-military-cyber-security-command/comment-page-1#comment-118 David Land Thu, 23 Apr 2009 11:28:38 +0000 http://itacidentityblog.com/?p=249#comment-118 Ms. Horton, et al First, attacks on our critical infrastructure happen on a daily basis. Do they make the Post or most any other news media, no? Management is not all that is lacking. The US has for years lacked one single focus, and one single plan to not only defend our networks, but to take the next step and assert a proactive stance with respect to these attacks. With the collective brain trust of the US government, there is no reason that this virtual war should not be dealt with any differently than a convetional war between countries. The chief difference between this and a more conventional battle is that the lines of demarcation do not truly exist. The notion of "trust but verify" has not yet sunk into the minds of those who manage the virtual enterprises of the US, and security is always a secondary agenda. Security professionals will continue to chat on blogs, offering valuable opinions and studied insight, and we will continue to plod along. Ms. Horton, et al

First, attacks on our critical infrastructure happen on a daily basis. Do they make the Post or most any other news media, no? Management is not all that is lacking. The US has for years lacked one single focus, and one single plan to not only defend our networks, but to take the next step and assert a proactive stance with respect to these attacks. With the collective brain trust of the US government, there is no reason that this virtual war should not be dealt with any differently than a convetional war between countries. The chief difference between this and a more conventional battle is that the lines of demarcation do not truly exist. The notion of “trust but verify” has not yet sunk into the minds of those who manage the virtual enterprises of the US, and security is always a secondary agenda. Security professionals will continue to chat on blogs, offering valuable opinions and studied insight, and we will continue to plod along.

]]> By: Laura Horton http://itacidentityblog.com/in-wake-of-pentagon-breach-obama-calls-for-new-military-cyber-security-command/comment-page-1#comment-116 Laura Horton Wed, 22 Apr 2009 21:42:47 +0000 http://itacidentityblog.com/?p=249#comment-116 Given the change in administration it will be interesting to see how much of a change in cyber security this will make. It is a step but they need to keep on supportin it even after the limelight is gone. Resources and management support have been lacking in the past for most cyber security programs. When the incident involves part of the critical infrastructure, people will stand up and take notice, otherwise your average American don't get it. Thanks for the post Given the change in administration it will be interesting to see how much of a change in cyber security this will make. It is a step but they need to keep on supportin it even after the limelight is gone. Resources and management support have been lacking in the past for most cyber security programs.

When the incident involves part of the critical infrastructure, people will stand up and take notice, otherwise your average American don’t get it.

Thanks for the post

]]>