Newsfederalagencieshackdoomed

Sat Dec 20, 2014, 12:10 AM

MOST FEDERAL AGENCIES WOULDN’T BE ABLE TO BOUNCE BACK FROM A SONY HACK

A file-wiping attack such as the Sony Pictures Entertainment hack could bring major federal departments to their knees, because most have no data-loss contingency plans, according to the latest figures on compliance with government cybersecurity laws. 

Further, unplugging systems to contain damage, as Sony did, would impair an agency’s ability to carry out constitutional duties, some former federal cyber leaders say.

(snip)

Unlike industry, the federal government is required to have backup procedures in case of a cyber emergency. That said, agencies don't always follow the rules. 

More than 60 percent of the government's major agencies do not have full contingency plans should data become unavailable, according to an annual report to Congress on the Federal Information Security Management Act.

http://m.nextgov.com/cybersecurity/2014/12/most-agencies-wouldnt-be-able-bounce-back-sony-hack/101658/

Replies to this discussion thread

Response to Gamle-ged (Original post)

Sat Dec 20, 2014, 06:18 AM

1. For the fourth time in recent past, I will need a new credit card this time, due to Staples hack

This follows three other recent hacks - Home Depot and Target for two.

All corporations in the private sector.

I don't think Sony will ever recover.

And last Christmas Target lost millions of dollars as customers were scared to shop there

Time for a bipartisan bill to make hacking/leaking/spying on the internet into some serious jail time with zero tolerance.
And same with people inflicting a virus onto somebody's computer and not only losing data, but causing people to spend hundreds of dollars on new equipment, let alone time lost.

I will never go back to using cash for 99.9% of things I purchase, but having to keep remembering what sites need a new updated number gets annoying.
Why can't there be a security number, so people could plug in their c/c info without having to actually reveal the # and expiration date, and the security number would be useless if someone stole it without the other numbers. Maybe private corporations should stop insisting on stockpiling people's personal info.



Response to graham4anything4HC45 (Reply #1)

Sat Dec 20, 2014, 01:58 PM

9. Pay with cash and there is no problem



Response to Badsamm (Reply #9)

Sat Dec 20, 2014, 02:19 PM

10. A lot of things don't take cash.

Other things make it too inconvenient to use cash.

Like toll bridges and roads.

Or parking meters.

Or internet purchases. Most credit card companies offer a pseudo-card linked to your actual card that you can use for specific purposes. Any other entity that tries to use it is denied.

I don't do auto-pay for anything. I do online banking and direct my bank to issue payments, sometimes an eft, sometimes a check, whichever they choose to do. Makes it easier for them and me.

Comcast and Verizon would absolutely love it for me to give them access to do a direct debit from my account. In their dreams.

I also never use my debit card for purchases. There is no protection on that method. I instead use a credit card with a very low maximum.

I find it interesting that so many merchants have gone to a system where they run a personal check thru their machine, use the routing info to turn it into an eft, and then sometimes hand back the check for you to dispose of.



Response to exindy (Reply #10)

Sat Dec 20, 2014, 04:20 PM

16. Purchase pre-paid credit cards from the supermarket

You can get them for up to $500.00 credit

I use them mostly for online purchases.



Response to Badsamm (Reply #9)

Sat Dec 20, 2014, 03:38 PM

12. They should outlaw cash and coins. No one can be robbed of cash if one has no cash at all.

Plus one has a yearly expense record of all transactions if using c/c. Comes in handy at tax time.



Response to graham4anything4HC45 (Reply #12)

Sat Dec 20, 2014, 03:48 PM

15. The IRS can eat a bag of dick.

Why do you want someone else controlling your money? That is the dumbest fucking thing I have ever heard and you deserve to lose everything.



Response to Gamle-ged (Original post)

Sat Dec 20, 2014, 10:23 AM

2. Bullshit.

Gov't agencies are required to provide and test contingency plans.

This is another of those gov't can't do anything right lies.

Why is it that so many businesses have breaches but the only ones that have happened to the gov't systems were thru a private company and not directly?

Hmmm?



Response to exindy (Reply #2)

Sat Dec 20, 2014, 12:37 PM

3. Reading is fundamental. From the piece:

"That said, agencies don't always follow the rules.  

More than 60 percent of the government's major agencies do not have full contingency plans should data become unavailable, according to an annual report to Congress."



Response to Gamle-ged (Reply #3)

Sat Dec 20, 2014, 01:05 PM

4. Going out on a limb here but

I don't believe 60% of the agencies NEED a FULL contingency plan.

Secondly, I don't believe Congress would FUND a FULL, unneeded contingency plan.

Thirdly, the article is a pure hit piece with an agenda in mind.

Fourth, you didn't address my points, like what major breaches have occurred in essential gov't service which were not thru a private company interface?

Don't look to Manning -- he didn't breach anything. Some clown gave him the keys to the safe and even then all the blame fell on Manning. Where was the guy who actually caused the problem?

In the case of Manning, he sidetracked the normal, very secure, communications system that was in place. That system was not breached.

Let's face it, the anti-gov't services crowd, the ones whose primary agenda is increased profits for private interests, are constantly redefining situations and issues to point to things that further their agenda.

Like I said, bullshit. I'd rather put my trust in the DoD finance system, SS payment system, etc, than some company that cares more about dividends for their stockholders than deposits of monthly pay into common people's bank accounts.



Response to exindy (Reply #4)

Sat Dec 20, 2014, 01:18 PM

6. Trust who you will, no skin off my, etc. AND any "unneeded contingency plan" looks needed now...



Response to Gamle-ged (Reply #6)

Sat Dec 20, 2014, 01:33 PM

7. Huh?

Sony isn't a gov't agency.

Why are you trying to use a total lack of competence in a private, for profit, supposedly more efficient and better run, company

to say some phantom gov't agency that hasn't had a breach has a problem?

I'd suggest you take off your blinders.



Response to exindy (Reply #7)

Sat Dec 20, 2014, 01:45 PM

8. One extreme position would be to say that the government can't do anything right. Not my view. But..

... another extreme view would be to say the government is fully in control of all that needs controlling. Also not my view. Go on ignoring the news about concerns for our power grid and etc., it's much more pleasant to ignore such disturbing stuff and to skip and sing among the flowers of May, even in December. Have a happy tra-la-la!...



Response to Gamle-ged (Reply #8)

Sat Dec 20, 2014, 02:27 PM

11. So much projection and such cute strawmen

Where to start?

"Fully in control"? Where did I say that? Reading something between the lines?

And then there's the "all that needs controlling". Perhaps the agency chooses to control the stuff that needs to be controlled and then doesn't waste resources in protecting that which doesn't.

Do you carry comprehensive coverage on a car that isn't worth the deductible?

And then to suddenly bring up the electric grid. My, how sweet. Most of the grid is physical and needs physical security.

Half the electric companies have been privatized. Not even regulated utilities anymore.

Perhaps the failing is that people tend to be disturbed more by that which they don't understand. And then don't make the effort to gain understanding.

That's the tra-la-la.



Response to exindy (Reply #11)

Sat Dec 20, 2014, 03:47 PM

14. Go to the fifth paragraph of the link in the OP, click the "annual report" to Congress. This...

... produces a .pdf file, "Annual Report to Congress, May 1, 2014." Note Section V, "Summary of Inspector General's Findings", especially the charts on pages 38 and following, "Programs in place, programs not in place" and "compliance."

Might be informative, might not. No skin off my, etc. ...



Response to Gamle-ged (Reply #14)

Sat Dec 20, 2014, 04:26 PM

17. From my post 5

"I would bet that major gov't agencies are each attacked a couple dozen times -- probably much more.

I have a very good friend who is an admin for the mid-tier of a major DoD agency who receives the monthly status report of attempted external security threats.

According to his anecdotal information, there are thousands each month. The bulk never make it past the "who's there?".

So what's your point? Mine is that we know there are attempts at our most sensitive public systems and those are thwarted. We also know that the successful ones are those that are attempted against the private companies.

It seems to me that the private companies might be better off to run their IT operation more like the gov't systems rather than the other way around.



Response to exindy (Reply #17)

Sat Dec 20, 2014, 04:51 PM

19. Ah well, differing points of view makes the blah blah lost interest...



Response to Gamle-ged (Original post)

Sat Dec 20, 2014, 01:15 PM

5. During normal day-to-day operations

I would bet that major gov't agencies are each attacked a couple dozen times -- probably much more.

I have a very good friend who is an admin for the mid-tier of a major DoD agency who receives the monthly status report of attempted external security threats.

According to his anecdotal information, there are thousands each month. The bulk never make it past the "who's there?".



Response to Gamle-ged (Original post)

Sat Dec 20, 2014, 03:38 PM

13. Doesn't sound so bad.

It would be like a government shutdown without the political fallout.



Response to Dork_Diggler (Reply #13)

Sat Dec 20, 2014, 04:40 PM

18. No political fallout?

You've just proved that ideologues should be nowhere near important stuff.

Imagine a catastrophic shutdown at Social Security. How many people wouldn't be able to eat or pay their rent?

How about the Medicare system? No doctor/hospital payments, no drug copays, etc.

How about the VA?

Then there's the ongoing stuff. During the last shutdown the ATC system went to emergency mode and disrupted air travel all over the world. Why the congress even had to do a special allocation to keep the executive airports operating -- can't inconvenience the folks who use the special terminals.

How about the military? How many soldiers in transit who can't buy a ticket or a meal? Or gas up that naval ship or air force jet.

So....no political fallout?

BTW, this isn't 1750.
