Is FEMA The Best Group To Model A Cybersecurity Agency After?

from the proactivity dept

There's been a lot of talk about the cybersecurity policy actions the Obama administration will undertake, with few clear ideas on exactly what such a policy should entail, or what powers the much-discussed cybersecurity "czar" should have. One of the supposed leading candidates for the czarship says that what the country really needs is "a FEMA for the internet" that can coordinate responses to electronic attacks and problems. The wisdom of invoking the idea of another FEMA doesn't seem too wise, given the agency's rather tarnished reputation following its ham-fisted response to Hurricane Katrina and other disasters, but leaving that aside, there may be deeper issues. FEMA's role is largely preparedness for and reaction to natural disasters; shouldn't a cybersecurity agency be focused more on prevention than reaction? The idea of something like FEMA makes sense in the context of natural disasters and emergencies, since they are largely unpreventable and inevitable. But isn't cybersecurity an area in which prevention of disasters and attacks is arguably more important?


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Ima Fish, Feb 20th, 2009 @ 9:13am

    "what the country really needs is a FEMA for the internet"

    Are you sure this wasn't a line from the Simpsons?! The Onion?!

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    weneedhelp, Feb 20th, 2009 @ 10:07am

    REX 84 & FEMA

    REX 84 Google it. Yeah, thats what the internet needs.

    http://uweb.txstate.edu/~lf14/conspire/rex84.html

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Feb 20th, 2009 @ 10:15am

    But ...

    While cyber security should really be focused on prevention. Total security is impossible. Therefore an effort is justified in setting up policies to react to a security breach.

    Just imagine what it would be like if they designed the 'perfect' security system and so didn't worry about what they would do if it got breached because that is "impossible." They'd be caught with their proverbial pants around their ankles and the hacker would ravage their system as he/she/it wanted to.

    So FEMA might be a bad model to work from but don't you dare just focus on prevention, you must work to prevent security breaches but you better have a backup plan

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    jonnyq, Feb 20th, 2009 @ 10:27am

    "The wisdom of invoking the idea of another FEMA doesn't seem too wise, given the agency's rather tarnished reputation following its ham-fisted response to Hurricane Katrina and other disasters, but leaving that aside, there may be deeper issues."

    That's because the federal government just isn't equipped - nor should they be - to take the lead in recovery from a natural disaster. Katrina was a mess because no one local took charge. They waited for the federal agency to come take over.

    That is precisely why no computer network should be reliant on federal aid. FEMA exists to help local leaders. What sort of help would a federal agency provide to local network admins? Why should they? It really sounds like you're accepting the premise that the government might actually have a role, but I don't see a reason to accept that.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, Feb 20th, 2009 @ 10:39am

    FEMA hasn't always been a joke

    FEMA has had a bad reputation ever since the the phrase "You're doing a heck of a job, Brownie" fell from George Bush's lips.

    But honestly, FEMA has not always been a terrible joke. You will get this problem any time y take any agency or business and put someone totally unqualified at its head based entirely on political loyalty rather than competence and qualifications.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Nick, Feb 20th, 2009 @ 10:43am

    FEMA actually is a fairly good example of how a very large organization can work.
    Now what happened about eight years ago what a disaster for FEMA.
    A new president was elected, and a rotation of "leaders" were initiated.
    The result was a large quantity of inexperienced friends, family members, neighbors and pets finding themselves with a nice income and a job they had no clue about how to perform.
    The result was evident in New Orleans.
    One could easily argue that FEMA wasn't the only organization suffering due to change in management.

    Now this isn't specifically to provoke W fans. The rotation happens after all elections.
    But rarely with as disastrous results as what we have been witness to for almost a decade.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Man from Atlanta, Feb 20th, 2009 @ 11:57am

    Only generally?

    Now this isn't specifically to provoke W fans. The rotation happens after all elections.

    But rarely with as disastrous results as what we have been witness to for almost a decade.

    -- If this wasn't to provoke, the last sentence was entirely unnecessary.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Man from Atlanta, Feb 20th, 2009 @ 12:06pm

    What's wrong with NIST?

    Having seen the difference between federal efforts and state cybersecurity efforts, I'm impressed by the feds.

    http://csrc.nist.gov/groups/SMA/fisma/index.html

    Security is never absolute and with an organization as big as the federal government you'll always find laggards, but by and large I think NIST (Nat'l Institute of Science and Technology) has done a pretty good job moving toward the goals of FISMA (Federal Information Security Management Act).

    Adding governance of private cybersecurity would be a curve ball. Perhaps whoever thinks this is a good idea sees the geopolitical effects of state-run chinese IT efforts and thinks we need to replicate these efforts. I have my doubts about such an approach. For instance, we have open records laws and I suspect many of us would like to keep them.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Nick, Feb 20th, 2009 @ 12:14pm

    Re: Only generally?

    I can prove there gave been management disasters.
    You can not prove there have been none.

    I understand you are unhappy with the current leadership but it is irrelevant.

    My statements supports my initial argument that FEMA is likely a good model.

    And that is all the time I am going to spend on you.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    LostSailor, Feb 20th, 2009 @ 12:26pm

    Plan for the Best, Prepare for the Worst

    To echo some comments here, yes, it is certainly wise to plan and work to prevent cybersecurity problems, but it is also wise to prepare to respond when those plans prove to be unsuccessful in any specific instance.

    FEMA actually had a very good track record before the last administration and the handling of Katrina, such as dealing with the aftermath of Hurricanes Hugo and Andrew. When actual disaster management professionals are put in charge (as opposed to former commissioners of the International Arabian Horse Association), they can be quite effective.

    FEMA is probably a good model for one part of the federal cybersecurity equation.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    youneedhelp, Feb 20th, 2009 @ 12:39pm

    Re: REX 84 & FEMA

    Seriously, did you even read this tripe before linking to it?

    "The first targets in any FEMA emergency would be Hispanics and Blacks."

    I love a good conspiracy theory as much as the next guy, but whoever authored this pile of shit could at least take a minute to update his/her racial profiling targets to include the pariah ethnicity du jour.

    Never mind, I'm probably screaming at the deaf here.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Please, Feb 20th, 2009 @ 1:10pm

    FEMA was fine until the Homeland Security Department was created and they shoved FEMA under there. FEMA should have been left alone.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Please Again, Feb 20th, 2009 @ 1:11pm

    Notice very few FEMA complaints from the folks in the midwest who flooded?

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    weneedhelp, Feb 20th, 2009 @ 1:31pm

    Re: Re: REX 84 & FEMA

    No conspiracy about it. Did YOU read it?
    I see you chose to ignore:
    The first targets in any FEMA emergency would be Hispanics and Blacks, the FEMA orders call for them to be rounded up and detained. Tax protesters, demonstrators against government military intervention outside U.S. borders, and people who maintain weapons in their homes are also targets.

    There is nothing racist about that comment. Stop being a fool by trying to discredit someone by labeling them a bigot. STRAWMAN

    FEMA - The Secret Government
    By Harry V. Martin with research assistance from David Caul
    http://www.sonic.net/sentinel/gvcon6.html
    http://www.sonic.net/sentinel/wrprof.html

    There are more than enough articles about REX84. If you choose to ignore them then that makes you an average American.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Feb 20th, 2009 @ 1:40pm

    Re: Re: Re: REX 84 & FEMA

    Some people live in wonderfully amazing worlds. I wish it was me.
    Once I worked with a guy who was so convinced that USA has satellites capable of creating earthquakes that he almost kicked my ass when I couldn't stop laughing at him.

    I have no beef submitting to the likely existence of these measures. But the conclusions drawn are just beyond anything I have giggled at in a long time.

    600 empty prisons. Well, at least the guards have a job in this economy :D

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    weneedhelp, Feb 20th, 2009 @ 2:21pm

    Re: Re: Re: Re: REX 84 & FEMA

    "Some people live in wonderfully amazing worlds. I wish it was me." OH YOU ARE.

    Terry Kings wrote an article on his discoveries of camps located in southern California. Here are some of his findings:

    The first camp we observed was in Palmdale, California. It is not operating as a prison at the moment but is masquerading as part of a water facility. Now why would there be a facility of this nature out in the middle of nowhere with absolutely no prisoners? The fences that run for miles around this large facility all point inward, and there are large mounds of dirt and dry moat surrounding the central area so the inside area is not visible from the road. There are 3 large loading docks facing the entrance that can be observed from the road. What are these massive docks going to be loading?

    We observed white vans patrolling the area and one came out and greeted us with a friendly wave and followed us until we had driven safely beyond the area. What would have happened had we decided to enter the open gate or ask questions?

    This facility is across the street from the Palmdale Water Department. The area around the Water Department has fences pointing outward, to keep people out of this dangerous area so as not to drown. Yet, across the street, the fences all point inward. Why? To keep people in? What people? Who are going to be it’s occupants?

    There are also signs posted every 50 feet stating: State of California Trespassing Loitering Forbidden By Law Section 555 California Penal Code. The sign at the entrance says: Pearblossom Operations and Maintenance Subcenter Receiving Department, 34534 116th Street East. There is also a guard shack located at the entrance.

    We didn’t venture into this facility, but did circle around it to see if there was anything else visible from the road. We saw miles of fences with the top points all directed inward. There is a railroad track that runs next to the perimeter of this fenced area. The loading docks are large enough to hold railroad cars.

    Another site is located in Brand Park in Glendale. There are newly constructed fences (all outfitted with new wiring that point inward). The fences surround a dry reservoir. There are also new buildings situated in the area. We questioned the idea that there were four armed military personnel walking the park. Since when does a public park need armed guards?

    A third site visited was in the San Fernando Valley, adjacent to the Water District. Again, the area around the actual Water District had fences logically pointing out (to keep people out of the dangerous area). And the rest of the adjacent area which went on for several miles was ringed with fences and barbed wire facing inward. Also interesting was the fact that the addition to the tops of the fences were fairly new as to not even contain any sign of rust on them. Within the grounds was a huge building that the guard said was a training range for policemen. There were newly constructed roads, new gray military looking buildings, and a landing strip. For what? Police cars were constantly patrolling the several mile perimeter of the area.

    From the parking lot of the Odyssey Restaurant a better view could be taken of the area that was hidden from site from the highway. There was an area that contained about 100 black boxes that looked like railroad cars. We had heard that loads of railroad cars have been manufactured in Oregon outfitted with shackles. Would these be of that nature? From our position it was hard to determine.

    In searching the Internet, I have discovered that there are about 600 of these prison sites around the country. They are manned, but yet do not contain prisoners. Why do they need all these non-operating prisons? What are they waiting for? We continuously hear that our current prisons are overcrowded and they are releasing prisoners because of this situation. But what about all these facilities? What are they really for? Why are there armed guards yet no one to protect themselves against? And what is going to be the kick-off point to put these facilities into operation?

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Anonymous Coward, Feb 20th, 2009 @ 2:46pm

    Re: Re: Re: Re: Re: REX 84 & FEMA

    koo koo

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Gene Cavanaugh, Feb 21st, 2009 @ 11:45am

    Cyber security czar

    This is something that deserves more than a "knee-jerk" reaction - whoever shot off their mouth should be removed from consideration by the Obama administration.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This