Government Security Lacking
May find staying after class beneficial
(old news - 01:08PM Wednesday Dec 10 2003) tags: security

It's that time of year again, where sleighbells ring, and a House panel points out how miserable US cyber security is. Internal audits indicate that yet again, the majority of US government agencies are failing to properly secure their networks. Shortly after the terrorist attacks in 2001, the government received failing grades across the board from a House panel tasked with determining government cyber-security. In 2002, things didn't really look much better, with the government receiving another F. This year, Federal Computer Week reports the government has improved to a D grade, with the newest member, the Department of Homeland Security, sticking close to tradition and receiving an F. Only two agencies, the Nuclear Regulatory Commission and the National Science Foundation, received A's.
  FLECOM Bay Networks Freak Premium join:2003-03-03 Miami, FL
haha government != smart
Department of Homeland Security ironically receiving an F
rofl how safe do you feel now? (not that i ever thought this agency was anything more than a big-brother thing)
The Nuclear Regulatory Commission and the National Science Foundation, received A's.
that's at least somewhat reassuring... i guess -- BellSouth sucks
technick Premium join:2000-12-16 Loganville, GA
Haha
If the government didn't suck so much, maybe some big boys might try to get jobs helping them out. I know if the government threw in tax exempt status and a very good paycheck, I'll be on board in seconds. -- AMD 2500, 1024 MEG PC 3200, 180 GIG HDD, MSI KT4 Ultra Board, MSI GEFORCE 4 TI 4600 »www.streamfire.net/portfolio
bmn Premium,ExMod 2003-06 join:2001-03-15 hiatus
Re: Haha
said by technick: I know if the government threw in tax exempt status and a very good paycheck, I'll be on board in seconds.
*heh* I don't know about the tax exempt status, but working in IT for the government pays very well when you include all the benefits (vacation, pension, insurance, etc). I did it a year or two ago and was disappointed when the project ended because I knew I had to go back to the private sector. -- Male by birth... Geek by choice. -- Peace through superior firepower is not peace, but state terrorism.
FLECOM Bay Networks Freak Premium join:2003-03-03 Miami, FL
Re: Haha
said by bmn: *heh* I don't know about the tax exempt status, but working in IT for the government pays very well when you include all the benefits (vacation, pension, insurance, etc). I did it a year or two ago and was disappointed when the project ended because I knew I had to go back to the private sector.
i would take a job w/big brother as long as the pay didn't suck...
they pay techs like if they were working at a McDonald's in the agencies around here...
the only decent government agency down here is the county... they at least pay somewhat decent... and they do have nice benefits... which is always a plus i suppose -- BellSouth sucks
Drex Beer..It's What's For Dinner Premium join:2000-02-24 La Place, LA
·AT&T Southeast
Re: Haha
I work for a government subcontract. I have nice benefits and they pay me well considering the area I live in (New Orleans is not well known for their "technology").
However, like badmagicnumber said, once your project is up, if they don't find you a new one, you're gone. Or worse yet, the government decides to renew the contract with another company. 9 times out of 10 you'll be assimilated into that new company, but what if you liked the old one better? -- If I got smart with you, how would you know?
stromi join:2000-06-11 Englishtown, NJ
Most IT Jobs (Real Jobs, Not sub-contractors) are between the GS-11 (40K to 50K) and GS-13 (60K to 80K) level. Benefits are locality pay, 401K (TSP), insurance and job security. The pay is generally less than what you would make private sector, but not by much. GS-14 and up are rare outside the beltway.
The Gov pays top dollar for subs, and often times the actual cost is 200% of an employee (once the vendor takes their piece on top of the salary). Of course, when the project is done, the sub is gone.
What the implications of this are is the younger, highly skilled techs flit in and out of contracts, and by and large, the GOV guys are dinosaurs from the mainframe days. This is changing as the workforce is getting old and retiring.
As far as the audit report goes, it's accurate, but it's just happenstance that they got it right, the auditors are generally clueless as to the real world implications of a perceived vulnerability.
Without revealing details, a guy could get dinged on failing to configure a router to block tcp-syn-flood attacks on an enclosed private network, but not get dinged for having an open SMTP relay.
In terms of access, most of the audits are performed by contractors from Top Accounting Firms (Think Arthur Andersen for a moment please) under contract with Agency's Inspector General, so they hit the real stuff, but there are "Rules of Engagement" that prevent real info from being leaked.
They use a NIST checklist, about 26 terabytes of outdated policy, and automated tools (think ISS, NMAP, L0phtCrack, etc).
damonlab Premium join:2001-05-02 Detroit, MI
State department... F
That's funny. The State Department was given $220 million for IT modernization (including security improvements) in 2002. I wonder where all of that money went?
vic102482 Premium join:2002-04-30 Upper Marlboro, MD
Re: State department... F
nm
vic102482 Premium join:2002-04-30 Upper Marlboro, MD
said by damonlab: That's funny. The State Department was given $220 million for IT modernization (including security improvements) in 2002. I wonder where all of that money went?
The state department is on point as far as security goes. I think that report is a little bit of a publicity stunt.
The real problem is seniority, there is a real "Office Space" problem with the Fed. Dumbasses get promoted and the pay sucks so people drop out and become contractors, or just head to private industry altogether.
You can't get better job security than the Fed though. -- I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!!
Karl Bode News Guy join:2000-03-02
Re: State department... F
For the state and defense departments, I'm really curious how much access some random House committee got to their networks.....
My guess is between little and none. I assume they were simply exploring low level access stations?
Sending some guy into the Pentagon to determine security is like sending a rent-a-cop into Fort Knox to determine how secure it is....
Some staffer of former Rep. Stephen Horn: "Looks good guys...err....you get a C"
CIA Network Engineer: "Great. Get the #@# out of here, would you?"
vic102482 Premium join:2002-04-30 Upper Marlboro, MD
Re: State department... F
said by Karl Bode: For the state and defense departments, I'm really curious how much access some random House committee got to their networks.....
My guess is between little and none. I assume they were simply exploring low level access stations?
Sending some guy into the Pentagon to determine security is like sending a rent-a-cop into Fort Knox to determine how secure it is....
Some staffer of former Rep. Stephen Horn: "Looks good guys...err....you get a C"
CIA Network Engineer: "Great. Get the #@# out of here, would you?"
Hehe you are pretty much correct, and their audits consist of mainly running automated open 3rd party tools. It's just something for them to brag about, if government machines could be hacked/cracked, who would really waste time in NOT doing so?
There are buildings you can't even walk into without a Top Secret clearance, I seriously doubt the Fed is going to let mountains of data on their networks just walk out the door, and then get reported to the press. -- I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!!
calvoiper join:2003-03-31 Belvedere Tiburon, CA
Why would IT security be different?
Government does a lousy job at everything it touches, from education to mass transit.
Why would anyone expect IT security to be different?
Calvoiper -- VoIP--the death knell of remaining voice monopolies!
BIGMIKE Premium join:2002-06-07 Westminster, CA
Microsoft
It must be the same people that are running Microsoft, that are running the US government!