Computerworld - Sorry, I have to do this. I have to rant. Here's what I have to get off my chest. News item: "DHS Scores F on Cybersecurity Report Card."
Last week, a congressional oversight committee gave the U.S. Department of Homeland Security a failing grade on its annual cybersecurity report card. Congress says that when it comes to protecting the country's data infrastructure -- an entity that in itself has become critical to the continued functioning of the U.S. economy -- the DHS is a D-U-N-C-E. Appalling.
Shortly after 9/11, I published an article at SNWonline.com that stated that an aggressive and well-thought-out attack on our financial information systems could be economically devastating. Furthermore, I wrote that the attacker didn't have to strike by exploding a dirty bomb or hijacking a plane. In fact, the attack could be executed without taking a single life. An attacker using electronic means could even be smart and resourceful enough to disable disaster recovery (DR) capabilities just before launching an attack.
To be sure, I didn't expect Washington to hear this particular warning because at the time, there were many more audible voices saying the same thing. But the very sad truth is that the current administration wasn't listening to them either. In fact, the DHS has been handed the cybersecurity dunce cap three years running. The rest of us knew that Al Gore was just joking when we claimed to be the creator of cyberspace. The DHS must have taken the joke seriously because they behave like cyberspace is a place where only liberals live.
If you are an IT professional, I think it is safe to assume that the DHS doesn't get it and won't -- that it's not even interested in locking the door at night. I think that means that you, the IT professional, have to double-down on security measures. This would include scrutiny of firewalls and adding storage-based security. And, here's another thought I have in that regard: Is your DR plan vulnerable to an attack? Said another way, could an attacker disable your DR capability prior to launching an attack? In essence, does your DR plan have a DR plan?
We now live in a society in which very powerful -- and potentially harmful -- information technologies can be had at a cost of something between cheap and free. As an attacker, all you really need to add to the mix is brain power. In fact, I personally think that all it will take is one devastating cyberattacker to prove to us that bombs are obsolete. So I ask again. Is your DR plan safe from attack?
John Webster is senior analyst and founder of research firm Data Mobility Group LLC. He is also the author of numerous articles and white papers on a wide range of topics and is the co-author of the book Inescapable Data: Harnessing the Power of Convergence (IBM Press, 2005). Webster can be reached at email@example.com.
Read more about Data Storage in Computerworld's Data Storage Topic Center.
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- Preventing Sophisticated Attacks: Anti-Evasion & Advanced Evasion Techniques McAfee Next Generation Firewall applies sophisticated analysis techniques specifically to detect advanced evasion techniques (AET).
- The Security Industry's Dirty Little Secret The debate over advanced evasion techniques (AETs) This report summarizes the findings of a McAfee commissioned research group to determine the level of understanding IT security professionals have about AETs...
- Demand More, Get the Most from the Move to a Next-Generation Firewall Beyond the basics in a next generation firewall, to protect your investment you should demand other valuable features: intrusion prevention, contextual rules, advanced...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!