The Pentagon has a critical need for cyber-security policies, procedures and software to protect America's security secrets. Common sense alone tells us that. However, in practice, it's a bureaucrat's wet dream and a cyber-security specialist's nightmare. Wired reports:
Some people may find it strange that the Defense Department, which helped create the internet, is having so much trouble securing its networks. Those people have not seen this mind-numbing, 2-foot-long chart, outlining the 193 documents that govern the activities of the Pentagon’s geek squads.
Developed by the DASD CIIA (that’s the Deputy Assistant Secretary of Defense for Cyber, Identity & Information Assurance), the goal of the chart is to “capture the tremendous breadth of applicable policies, some of which many IA practitioners may not even be aware, in a helpful organizational scheme.”
. . .
Obviously, operating networks for the millions of people who make up the world’s largest military is no simple task: The financial, legal, organizational and technical issues are nothing short of staggering. On the other hand, the hackers trying to break into those networks don’t have to check 193 different policy documents before they launch their malware. It’s hard not to think that gives the attackers an edge.
There's more at the link, with a remarkable diagram portraying all of the rules and regulations and how they interface with one another.
I highly recommend reading the article, and particularly trying to decipher the diagram. With this sort of bureaucratic maze to navigate, just how the hell do our cyber-security experts manage to get anything done? Ever?
The only consolation is that anyone trying to hack into networks protected by such a convoluted layer of official specifications and requirements is likely to end up chasing his own tail through an electronic chamber of horrors, pursued by screaming silicon zombies.
Ye Gods and little fishes . . .
Peter
[quote]I highly recommend reading the article, and particularly trying to decipher the diagram. With this sort of bureaucratic maze to navigate, just how the hell do our cyber-security experts manage to get anything done?[/quote]
That was not the flow chart. It was merely the list of the 193 documents that "govern" (that's [i]got[/i] to be the wrong word) keeping state secrets secret. The flow chart will have so many arrows crossing each other, making endless loops, and choosing both options in an either/or situation that it will then truly make your head hurt.
stay safe.
Try being a plain old USER of info/data and you won't be so reserved in your condemnation, Peter. At times it feels like the vague organization called "the CIO" actually are trying to prevent data exchange.
Leatherneck
Leatherneck beat me to it... I've had problems even sending a test email to MYSELF!