
Forum Moderators: phranque

Homeland Security to hire up to 1K cyber experts

   
3:21 pm on Oct 2, 2009 (gmt 0)

WebmasterWorld Administrator travelin_cat is a WebmasterWorld Top Contributor of All Time 10+ Year Member



The Gov is hiring:

The Obama administration has given a green light to the Homeland Security Department to be more competitive and choosey as it hires up to 1,000 new cyber experts over the next three years, the first major personnel move to fulfill its vow to bolster security of the nation's computer networks.

More at SFGate.com [sfgate.com]

9:50 pm on Oct 3, 2009 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



<hand up waving> OOOH! OOOH! PICK ME!

earlier intrusions into the country's electrical grid.

How this happens baffles me beyond all belief.

Haven't they heard of firewalls?

Order Deny,Allow
Deny from all
Allow from <authorized IPs only>

I mean seriously...

With that meager amount of protection then you have to first hack into one of the machines at the IPs authorized, assuming you know who's authorized in the first place!

If the government is serious about cyber security the best thing they could possibly do is put some OpenSource software out in the field for everyone to use, to include in our servers and PCs, to detect problem sources and coordinate automatic firewall defenses to block the sources of the activity to halt the spread of botnets.

12:05 am on Oct 4, 2009 (gmt 0)

WebmasterWorld Senior Member jab_creations is a WebmasterWorld Top Contributor of All Time 10+ Year Member



HOORAY FOR MORE GOVERNMENT!

- John

"The more corrupt the state, the more numerous the laws." -- Tacitus

12:12 am on Oct 4, 2009 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member



These new hires are not going to be making laws, they're hopefully going to be fixing the gaping holes in government network security -- and improving the ratio of useful workers to bureaucrats in that department as well, I'd wager.

Jim

1:12 am on Oct 4, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



My best friend works for the DOD in the computer crimes lab. He investigates intrusions into government networks. You wouldn't believe the incompetence of government IT people. 1,000 more morons isn't going to solve anything, just expand the payroll.

2:12 am on Oct 4, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Incompetence and government employees?

2:40 am on Oct 4, 2009 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member



SEOMike,

Might we assume --at least initially-- that your friend at DOD is not a moron, and that DHS's new hires might not also be morons? -- The article did say they were going to hire experts, no?

To stay on topic, let's not take this thread in the direction of general government-bashing, but rather discuss what this might mean for government computer security, and possibly internet security as a whole -- There are going to be 2000 more eyeballs focused on cybercriminals, and ISPs are a lot less likely to ignore their reports/inquiries than those of individual Webmasters or small security firms.

Jim

2:50 am on Oct 4, 2009 (gmt 0)



1,000 more morons isn't going to solve anything, just expand the payroll.

let's not bash government I guess.

Parkinson's Law: The demand upon a resource tends to expand to match the supply of the resource. Sure, let's throw some bodies at a problem. (sarcasm)

Another Parkinson's law is that after a certain barrier, a bureaucratic organization becomes autonomous and creates work for itself regardless of what exactly it is doing. 1000 people has been brought up many times as that barrier. How and most importantly WHY would they hire competent people?...

The electrical grid stuff is a steaming joke. Just don't put an electrical grid on a public network. Or at least pay incrediBill a $100/hr for 1 hour so he can run his firewall command.

4:57 am on Oct 4, 2009 (gmt 0)

5+ Year Member



They should just pay script kiddies a fee every time they hack somewhere and then another when they tell the goons how to close the hole. Whose networks exactly will they protect and who is going to pay?

5:28 am on Oct 4, 2009 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



1,000 more morons isn't going to solve anything, just expand the payroll.

Considering the private sector has many thousands of "morons" employed on the task of cyber security and they haven't been able to do anything except publish reports telling us how bad the problem is, as if we didn't already know, maybe it's time the government created a task force.

What could be the possible harm to add some muscle to the problem because the public sector is bogged down in rhetoric and overpriced high end solutions available to the biggest players, not the average webmaster with a server needing security?

1:03 pm on Oct 4, 2009 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



I hope the focus stays on plugging the security holes and doesn't expand into creating new rules and laws against webmasters. This is how becoming self-important starts.

1000 new hires can help, the trick will be to make sure all 1000 are sincerely wanting to do a good job. 999/1000 isn't good enough because that 1 could wreak major havoc behind the scenes. I imagine hackers and spammers will also line up to try and get someone on the payroll...

2:41 pm on Oct 4, 2009 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



creating new rules and laws against webmasters

More than likely it would be rules for ISPs since they're the first line of defense for quashing botnets and some are sluggish to respond to AUP violations, if at all.

Just imagine if they were able to twist a few arms into shutting down known bad servers within hours, not days. Blocking machines known to participate in botnets access to the web until they were fixed, and intercepting and disrupting the botnets' C&C (command and control) channels leaving the botnets deaf, dumb and blind.

Good start IMO and it's possible to do most of that today, very little technology required, just a mandate to make it happen.

Before long I wouldn't be surprised if your computer has to prove it has a firewall and A/V running before being allowed on the web, just like needing proof of insurance to drive a car on the road.

7:51 pm on Oct 4, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The reason I look at it with a "well, there's more money wasted" view is I think an approach similar to Moncao's, where it's sort of an eat what you kill type mentality, would be the most effective. Unfortunately, that's also pretty much the exact opposite philosophy of most public sector positions.

After having worked for a primarily government project consulting firm, the next government organization I see that has a top priority other than increasing and protecting their own budget and jobs will be the first.

10:34 pm on Oct 4, 2009 (gmt 0)

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



protecting their own budget and jobs will be the first

Can't help but agree... few things I've seen done at the Federal level dealing with citizens/consumers accomplish anything except their own bureaucratic growth... such as the Department of Energy (1977, now with a budget of $24.2 B/yr), with generally dismal results. I hope the 1k experts actually do a job, not create another bureaucracy we can't afford!

1:17 am on Oct 5, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



What's with all the government bashing here? These 1,000 heads are greatly needed and if anything will benefit the private sector by accelerating some of the projects that are held up mostly because there aren't resources to make them happen on the infrastructure & security side. (speaking from experience).

It's also terribly naive to think it's as simple as a .htaccess.. the security checklist and scanning is a lengthy process. I've done it on just some Oracle database clusters I built and it was enough to drive any security aware admin insane at just how fine grained they control access and privileges.

However what it comes down to is people power to respond to attacks as well as people power to be pro-active on threats - any and all of them.

So I'm glad to see 1k jobs opening up

2:40 am on Oct 5, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



IMHO this is as little about defense as "Department Of Defense" usually is, or to put it directly; not at all. All of you seem to have forgotten the news from a few months ago that the Pentagon would embark on a new cyberwarfare strategy involving an attack force that could i.e. shut down enemy infrastructure and/or communications (e.g. web sites that happen to post the wrong version of current events). So, these are tomorrow's cyber-terrorists - only, they get paid by the US taxpayer.

For internet security as a whole, as well as overall privacy - this is not a good thing at all. It should be seen in the context of the other massive privacy infringing activities the various US secret services undertake, using monstrous databases, data-mining and surveillance at a very fine grained level. A lot of knowledge about these programmes can be found in the open, it's no big secret. With this new army of hackers they may be able to steal the data that they are not given voluntarily.

Just my 2 cents.

3:40 am on Oct 5, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



With this new army of hackers they may be able to steal the data that they are not given voluntarily.

That scares me more than adding to the payroll. Where does it stop? If I write something about the problems I perceive with the government and they decide they don't like it they should have the right to intrude into my network and computers without a warrant? It's a pretty slippery slope.

The money needs to go to making the law catch up with the technology, hardening our existing networks, and motivating the employees we already have to do something other than play LAN games all day.

9:32 am on Oct 5, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



--- LAN games all day --

I thought it was good ol' chess at 11 and checkers at 3:30 (when the sig break is over) and some PowerBuilder & FoxPro 2.1 vs DotMatrix Print Drivers debugging as overtime....

1:42 pm on Oct 5, 2009 (gmt 0)



claus, good point. We don't need another 2000 blogs / websites promoting Mainstream Media's point of view. And that would be a more likely way they are going to handle "security".

On the plus side, I DO see how hiring consultants (especially foreign consultants) is dangerous on the government level...we don't want to see NORAD stand down next time around...sorry not getting political. So if they indeed will hire quality personnel that will handle simple tasks ...it would be a boost. Now...if only they fired 1000 incompetent workers in exchange....

 
