Thursday, January 31, 2008

Georgetown data theft

http://chronicle.com/wiredcampus/article/2705/computer-theft-leaves-georgetown-us-data-unprotected?utm_source=at&utm_medium=en


Breaking into a locked room to steal a hard drive - the thief must have known what was on the "drive" (did they steal just the drive, a laptop, an external drive or a desktop?). A supporting argument for whole-disk encryption, and for physical security (how many people had a key, how sure are they that it was locked, was there video surveillance?).

Tuesday, January 29, 2008

DHS Real ID security concerns

http://www.gcn.com/online/vol1_no1/45737-1.html

In one of the last posts I talked about the problems inherent in connecting your security grid to the public network - we have seen European countries blackmailed by hackers to have their power turned back on and increasing attacks on the US power grid.

With the Real ID Act combining personal information about all American citizens in one place, there is talk of having that information on a private network...that is connected to state networks - which are connected to the Internet.

One other issue: you select any employee, contractor or software company based on previous success. We don't have a track record of government protection of privacy or information assurance, so why increase the assets protected by the group until we can prove we can get it right?

Monday, January 28, 2008

DHS outsourcing

http://www.washingtontechnology.com/online/1_1/32153-1.html

$170 million in outsourcing contracts for border security by DHS.

FEMA outsourcing IT Architecture development

A $1 billion overhaul of the IT infrastructure after weaknesses were exposed during Katrina. Hard to believe software is what needs the overhaul:

http://www.washingtontechnology.com/online/1_1/32152-1.html

Saturday, January 26, 2008

NSA to monitor US networks for cyberattacks

We have already seen utilities taken out by cyber attacks overseas, with demands made in order to restore power to the city:

http://www.washingtonpost.com/wp-dyn/content/article/2008/01/18/AR2008011803277.html

Having our critical infrastructure exposed to the public network is the first mistake, but since that will continue to be the case until we realize the risk, we need to monitor communication channels to ensure information security. Accountability and oversight have not been strong components of our surveillance programs over the last 8 years, however, jeopardizing the reputation of these efforts.


http://www.washingtonpost.com/wp-dyn/content/article/2008/01/25/AR2008012503261.html?wpisrc=newsletter

The classified joint directive, signed Jan. 8 and called the National Security Presidential Directive 54/Homeland Security Presidential Directive 23, has not been previously disclosed. Plans to expand the NSA's role in cyber-security were reported in the Baltimore Sun in September.

Thursday, January 24, 2008

L3 CloudShield

Deep Packet Inspection for federal agency networks provided by CloudShield. Just interesting that this type of information is publicly available.

http://www.washingtontechnology.com/online/1_1/32135-1.html

capturing surveillance teams

http://www.washingtonpost.com/wp-dyn/content/article/2008/01/23/AR2008012303857.html?wpisrc=newsletter

An article about the difficulty of detecting surveillance when performed by small, independent teams. The information gathered by these teams is of no use unless it is shared, so detecting the network used to share this type of information is an important strategy and a difficult task.

wireless warfare

http://www.washingtonpost.com/wp-dyn/content/article/2008/01/23/AR2008012303695.html?wpisrc=newsletter

New software designed by the Department of Defense to increase the effectiveness of soldiers in the field is facing many of the same challenges most software faces. The level of outsourcing is interesting, but with a project as complex as this, it would be difficult for any one outsourcing agent to have a complete view of how things work.

Wednesday, January 16, 2008

Extreme Interrogation

The term "Extreme Interrogation" is very PC, rather than call it torture. This article makes some really interesting points about why the CIA interrogation tapes were made:
http://www.washingtonpost.com/wp-dyn/content/article/2008/01/15/AR2008011504090.html?wpisrc=newsletter

in order to prove that the interrogation techniques were following the letter of the law, underscoring the fact that this discussion shouldn't be about whether the tapes were destroyed and which particular agency employee should be held accountable as much as whether "Extreme Interrogation" is torture. I tend to trust the opinion of someone who has been there - if McCain says it's torture, we should label it as such.