Robert Deitz II
Participant

This statement, by the US Government’s CIO, is shocking in its seeming lack of basic security knowledge. One of my biggest issues over the last 14 years in discussions with officials on security is first define what you mean. If in fact Cyber Security is a defense against Cyber Warfare, you must look at basic warfare doctrine to know if you are putting up the right defenses. And the first doctrine is never attack the enemy’s strongest point (it didn’t work for Pickett and Lee at Gettysburg, it won’t work now). Create a diversion and flank them. In Cyber terms, that means use a “trusted source” to allow you in the door, and then breach where there are the least defenses.
So let’s say I was the Chinese trying to get into the Executive Office of the President to find out what he was planning next. I would not try to breach the EOP site if I knew that Recovery.gov was vulnerable, and yet was directly connected to the White House. If the White House is uploading data, someone there has a direct link to the site. And someone at the site can reply back to them. I am going to attack and take over Recovery.gov as it is much easier; I then get the keys to the White House as I am a trusted site and source.
I can give hundreds of other examples. It seems that the Government has not yet defined what they want to do with Cyber Security, and thus the Cloud seems like a good idea. I know it does to the Chinese and Russians and Mexican Drug Cartels and ………..