Defense Department Pretty Much Incompetent In Dealing With Online Threats
from the but-of-course dept
Last year, we noted that there was something of an internal executive branch fight over who had the mandate to deal with so-called “cybersecurity” threats: the Defense Department (mainly the NSA) or Homeland Security. Neither group is ideal, obviously, but the Defense Department’s claims were definitely much more ridiculous, in that it seemed like the entire point of asking for control over online security was to grant the NSA more spying powers. In fact, we found it somewhat hilarious that the DoD seemed to think that one of its best qualifications for managing digital security issues was its own incompetence in dealing with massive security breaches. Yes, the logic was basically “we had crappy security, so we know that online threats are real.” Yeah.
Now, as a bunch of folks have been pointing out, the GAO has put out a brutal report, explaining just how incredibly incompetent the Pentagon has been in both understanding and dealing with any kind of online threats. The full report (pdf) is pretty direct in suggestion that the DoD has known about problems for ages, but has only just started addressing the problems — and the report says it’s too early to tell if they’ve had any real impact at all.
While we’ve long said that the risk of “cyberwar” is blown way out of proportion, that doesn’t mean that there aren’t many attempts to breach government digital security. Tragically, this report suggests that the DoD is woefully unprepared to deal with the issues, and is only just now trying to catch up (potentially from a position well behind any adversaries.).
Filed Under: cybersecurity, defense department, nsa
Comments on “Defense Department Pretty Much Incompetent In Dealing With Online Threats”
Inspector Clouseau would be a better digital deterrent than these clowns.
This article is bullshytt. I worked for DoD, NSA, and CIA, when I was in the Military blocking cyber attacks. The equipment they have is so far more advance then anything I have seen at an Intel, Microsoft, or Google. This is just a reason to pay high salaries to civilian employees. My friend works for the NSA Network Security and starting salary… yeap 170,000 a year.
And with a handful of flash drives scatter in different places, I can own your entire network.
There is a difference between fending off “cyberwarriors” in the ongoing “cyberwar” and the simple fact that they might have a shiny happy “cyberwar” room to work out of and the rest of their systems are happily mailing spam out as part of a botnet.
They have thrown lots of money at people who promise them they have the solution, and we get no good results… so we throw more money on the old problem and ignore the new ones.
Maybe step 1 in securing their network, should be looking at all of the .mil and .gov emails that were registered on porn.com and eliminate those peoples use of computers because they can not be bright enough to have used a different password on each site they encounter.
Oh and while you decry this as BS… don’t forget the guy who blew the whistle on NSA wasting tons of money on a crappy product, and then they tried to ruin him for daring to point out they had screwed up.
Well, perhaps that should be the first thing cut (the salary, not the job) when everything goes tits up. And perhaps people should stop using their work e-mails for registering for free porn.
But, you know, TERRORISM! CYBERWAR! MORAL PANIC!
So, you’re saying that the GAO is lying?
Your point isn’t really relevant. The best equipment in the world doesn’t matter if it isn’t being used effectively (poor leadership, training, policies, focus, etc.).
Can't throw $ at problems
Budget does not equal competence. Otherwise, every Government service would be unparalleled, and we’d all be driving a GM, that is, when not enjoying our incredible public transportation services.
Couldn't Agree More...
Having worked for the military for longer than I care to admit, I REALLY don’t have any faith in what they can do in “cybersecurity” since they can’t even figure out just “what” it is. The Air Force is the most comical of the bunch since they “obviously” know that “Space” is part of “Cyberspace” and should, therefore, have CYBER Command up under SPACECOMMAND run by “Spacemen” or Pilots or even Missileers rather than, oh say, in an agency with someone who just might grok what the hell it really is and what it should do (something about that “operational stink adding validity to it). Anyway, wishful thinking on my part and I’m hanging up my geek cred since it has been tainted by guvvie work, so I probably don’t know what the hell I’m talking about.
However, if the US Gov’t WERE so competent in their cyberspace dealings (in a Hollywood imagined reality) there would NOT have been a Bradley Manning in the first place and Wikileaks would have been Wiki-tightened before anything got out in a hot ASSange minute. The MafiAAs aren’t even that good either so I guess I’ll stick to free-tarding it.
And that’s about all I have to say on those matters other than I also would not work at any of the aforementioned organizations since their leadership are either old-school military technophobes still trying to figure it out or DHS/FBI gumshoe detectives that can’t follow the law as correctly as they should as is evidenced by all the techdirt articles and the incestuous relationship they have with Big Business, Big Pharma, Big Entertainment, and the MafiAAs.
To be fair, the little dirty secret on the IT world is that there is no defense in cyberspace.
Despite some claims for the contrary.
Security could be improve there is no doubt about it, but total security is just a pipe dream.
Not just a pipe-dream. It’s like asking the Tea Party for investment advice.
It doesn’t matter that the US spends way more on defense than other countries since most of it is wasted getting screwed by contractors and inflated salaries. I guarantee that China can do more with 1/10 of the amount we spend.
I’m worried that we’re spending billions on Windows licenses while other countries use a free OS and learn more about computers in the process. Meanwhile our solders are being lead into battle by Clippy.
If I saw Clippy leading a tank column I would run like hell.
So it looks like your trying to invade a country, would you like to –
It’s the government, they’re incompetent when it comes to doing anything beyond using excessive force and imposing absurd penalties for doing nothing wrong (ie: infringement). The govt is worse than useless, we’d be better off without it.
(and taxing. They’re good at taxing).
if by ‘the government’ you mean ‘the US government in it’s current incarnation’ then it’s very easy to agree with you.
if you mean the concept of government in general this statement is flat out wrong. Human nature ensures that any anarchy will, in relatively short order, default into small scale organised governments. if you’re Lucky that means a city state with a good setup. far more likely it means warlords. in the latter case if you’re Lucky, again, you end up with at least some leaders who consider more than their own enrichment and power to be important and they don’t get completely owned, and you end up with a feudal system. if you’re unlucky you end up with someone less pleasant on top and get some combination of authoritarian dictatorship on a conquering spree, assassination and civil war.
or you just get invaded by a neighbour who does still have a functional government. either way.
Sure, if you like the idea of a sharecropper lifestyle, without widespread education and unlimited poisoning of the environment. Because that’s what would be left.
And if you had any money left over to invest, you probably wouldn’t want to invest in any company in which you didn’t have inside info. Because otherwise you’d probably get wiped out by those who did have that info.
And the very idea of a retirement? Nope; work until you’re physically unable, then hope your kids will take care of you.
Not saying the government ain’t got flaws (far from it), but let’s be realistic, ok?
And the really sad thing about this article is that if the GAO were to analyze DHS, they’d find it just as incompetent as DoD (maybe more so).
I agree that most of the cyberwarfare hyperbole is unwarranted. However, you’ve written about your interest in the Stuxnet story. Wouldn’t you classify that incident as a cyberwarfare attack, and isn’t that the prototype attack of the future that we should begin to seriously contemplate? That is: an attack conducted via computer code that causes damage in real life?
Technically, that was cyberterrorism, as war is terrorism at its subatomic level. But, I’m insane at this semanticry lark.
BS is right
I took the time to read the report. Can I get a Gov Voucher for that time back?
I cannot believe we pay someone so much money to write and read this drivel.
I am a security pro. I would not want to deal with this type of BS, so who’s going to actually do the work?
I don’t care what equipment or personel is trained on it, as long as this is what we throw money at all you end up with is experts at using the buraeucracy.
US Gov Sucks.