Politically Motivated Computer Crime and Hacktivism: U.S. Cyber Security Not Adaquate

Wednesday, September 17, 2008

U.S. Cyber Security Not Adaquate

The U.S. Government Accountability Office (GAO) has released a report (originally dated July 2008) critical of the U.S. Government's cyber security.

The report defined, in part, the threat:

"There is increasing concern among both government officials and industry experts regarding the potential for a cyber attack on the national critical infrastructure, including the infrastructure’s control systems. The Department of Defense (DOD) and the Federal Bureau of Investigation, among others, have identified multiple sources of threats to our nation’s critical infrastructure, including foreign nation states engaged in information warfare, domestic criminals, hackers, virus writers, and disgruntled employees working within an organization. In addition, there is concern about the growing vulnerabilities to our nation as the design, manufacture, and service of information technology have moved overseas. For example, according to media reports, technology has been shipped to the United States from foreign countries with viruses on the storage devices. Further, U.S. authorities are concerned about the prospect of combined physical and cyber attacks, which could have devastating consequences. For example, a cyber attack could disable a security system in order to facilitate a physical attack."

The GAO broadly assessed operations in four areas: Monitoring, Analysis, Warning and Response and found issues in each domain.

One of the key challenges the report identified was organizational and management issues within the U.S. Department of Homeland Security (DHS) stating that the cyber security initiative is:

"...operating without organizational stability and leadership within DHS—the department has not provided the sustained leadership to make cyber analysis and warning a priority. This is due in part to frequent turnover in key management positions that currently also remain vacant. In addition, US-CERT’s role as the central provider of cyber analysis and warning may be diminished by the creation of a new DHS center at a higher organizational level."

Until DHS addresses these challenges and fully incorporates all key attributes into its capabilities, it will not have the full complement of cyber analysis and warning capabilities essential to effectively performing its national mission."

CRITICAL INFRASTRUCTURE PROTECTION: DHS Needs to Better Address Its Cybersecurity Responsibilities

No comments:

Post a Comment

About Encurve, LLC

Encurve, LLC - Building Intentional Security^TM.

Intentional - Purposeful. Deliberate. Planned.
That's what security should be.

Closing the gap between business leaders and security practitioners is what intentional security is all about.

Encurve, LLC offers a wide range of services:

Security Assessment & Management Services
Employing our real-world experience and proprietary methodologies to help security organizations become for focused and efficient.

Executive Advisory & Support Services
Providing the strategic and business focused analysis required by business leaders to make investment and risk decisions without getting lost in the technology.

Security Business Development
Enabling companies to provide professional or managed security offerings to their customers through the development of core and differentiated capabilities.

Brochures

Encurve's Security Capabilities
Encurve's Protect OnDemand^TM Solutions for Demanding Security Situations
Incident Response Capability Assessments
Due Diligence Services
Security Assessment Training
About Encurve and Intentional Security

Contact Encurve, LLC to start Building Intentional Security^TM.

Building Intentional Security^TM and Protect OnDemand^TM are trademarks of Encurve, LLC in the United States and other countries.