, ,

DorobekINSIDER: Issue of the week: Making cyber-security work

Welcome to GovLoop Insights Issue of the Week with Chris Dorobek… where each week, our goal is to find an issue — a person — an idea — then helped define the past 7-days… and we work to find an issue that will also will have an impact on the days, weeks and months ahead. And, as always, we focus on six words: helping you do your job better.

We talked about budgets a lot this week, and specifically, the possibility of across the board cuts known as sequestration, and there has been a lot of talk about what that will mean and whether it will happen.
We looked at cloud computing with GSA’s Dave McClure to get a sense as to where things stand today, and try to get a sense as to where they are going. We looked at how you can continue being a leader, even when times are tough and you are under the microscope. Tom Fox from the Partnership for Public Servicetold us that it is always important to focus on the important mission.

But our issue of the week: cyber-security. This has been a issue of growing significance — for everybody. We’ve learned in recent months many experts believe there is a cyber-war that is going on already, as viruses and worms like Stuxnet are used as weapons. And there is an ongoing discussion about how we defend ourselves and protect our critical infrastructures — those infrastructures upon which we are so dependent.

President Barack Obama signed an executive order earlier this month that could give the U.S. government control over the Internet. The policy, titled “Assignment of National Security and Emergency Preparedness Communications Functions,” is designed to empower certain governmental agencies with control over telecommunications and the Web during natural disasters and security emergencies. CNet reports that critics of the order are concerned with Section 5.2, which is a lengthy part outlining how telecommunications and the Internet are controlled. It states that the Secretary of the Homeland Security Department will “oversee the development, testing, implementation, and sustainment” of national security and emergency preparedness measures on all systems, including private “non-military communications networks.” And critics say this gives Obama the on/off switch to the Web.

Meanwhile, there were changes to some cyber-security proposals this week that seemed to be more of a compromise between security and privacy.

Proposals to increase cybersecurity by allowing businesses and government to share information may enjoy bipartisan support in Washington, but Americans aren’t sold on the idea, the latest United Technologies/National Journal Congressional Connection Poll finds. The National Journal reports that almost two-thirds of respondents said information-sharing should not be allowed because it would hurt privacy and civil liberties.

But the Pentagon is pushing for greater information sharing. One top Pentagon official has suggested lawmakers consider a proven set of 20 safeguards for federal networks to regulate cybersecurity in the private sector, NextGov reported.

With insights about what it all means is Rob Rachwald, he is director of security strategy at the security firm Imperva and he says these are challenging times because they are evolving SO quickly.

We can’t get away without mentioning that big hack on Yahoo earlier this month. Not a government story, exactly, although there were government users who were hacked, CNet reports.

Hackers exposed more than 450,000 login credentials, which appeared to be gleaned from Yahoo. The hackers said they hoped this would be taken as a wake-up call to the parties responsible for the security of the hacked site, but individuals should also see this as a warning to strengthen their own personal passwords. And there is a certain foolishness about passwords. Two CNet reporters went through the hacked passwords and looked at them by-the-numbers.
How many times do you think a sequential list of numbers was used, with “123456” by far being the most popular password… 2,295 times. There were several other instances where the numbers were reversed, or a few letters were added in a token effort to mix things up. And the number of times that ‘password’ was the password: 780 times.
Yahoo breach: Swiped passwords by the numbers.

And yes, there were feds who were impacted. CNet reporter Declan McCullagh posted some of the raw data on his Google+ page.

Of those impacted there were 123 who had .gov domains, 328 had .mil domains one who had a FBI.gov domain, who McCullagh says is an an agent specializing in Homeland Security and counterterrorism who used “PA$$w0rd01” as password.

And thePBS NewsHour has a tool where you can see if your password was exposed.

C/Net’s Elinor Mills says this all shows that we are really lazy — and that it is time for companies to use basic security practices, and for individuals to use common sense with passwords.

It sure seems like we need to move beyond passwords. They tell us that each site needs its own password. I have scores of sites that I use regularly — and ones that I use occasionally… and then many many applications that I use sometimes. Is it really possible to have a different password for each and every site? And remember them all?

Weekend reads

  • Are we having enough fun? TheStanford Social Innovation Review says that in education, the missing ingredient may just be fun. They say there is an epidemic of boredom in many of our traditional schools in America. According to the most recent High School Survey of Student Engagement, a full two-thirds of American youth report being bored in class. Yet, those same students who are tuning out in the classroom are turning on to video games and other forms of digital media outside of school. Based on data from the Entertainment Software Association (ESA), 46 million kids between the ages of 5 and 17 are gaming (along with 50 percent of their parents). Why are online games so popular? The short answer is they are fun and engaging. And as I was reading the piece, I couldn’t help but think that the discussion is also true for the workplace… and training.
  • We spoke to the scientist who has worked to create a vaccine for Anthrax and plagues. And we spoke about the power of making mistakes in research. To that end, MIT’s Technology Review writes about scientific history and the lessons for today’s emerging ideas, and they argue that by what they call the scientific turkeys of the 19th century may provide a stark warning about the value of mainstream scientific thought today. And Technology Review raises an interesting question: how much of what we consider mainstream investigation will fall into this category of best-forgotten science? And they suggest that one way to approach this question is to examine our own attitude to science at the end of the 19th century and the beginning of the 20th. “The popular account goes a little like this. This era was characterised by a sense that the universe could be more or less completely described by Newton’s laws of mechanics, the laws of thermodynamics and Maxwell’s electromagnetic theory. All was well, save for one or two minor cracks that everyone expected could be easily papered over. Of course, these eventually led to two of the greatest revolutions in scientific thought: Max Planck’s quantum theory in 1900 and Einstein’s theories of special and general relativity a few years later. However, this popular account understates much of the complexity of scientific debate at the time. In particular, it fails to capture the extent to which many mainstream scientific ideas turned out to be spectacularly wrong. These ideas were widely discussed, much cherished and, in many cases, widely supported. Now these cul de sacs of science are largely forgotten.”
  • There is a fascinating series in the Financial Times about Amazon. The paper notes that Amazon has long thrived by overturning the way people shop, but its shift into infrastructure is extending its power as a disruptive force to how business is structured. It is revolutionising the way entrepreneurs can create start ups, or revive staid companies, by letting them plug their ideas into pay-as-you-go systems that cost a fraction of the investment they would need to build such infrastructure alone.

Leave a Comment

Leave a comment

Leave a Reply