By Kimberly Hill TechNewsWorld Part of the ECT News Network
06/20/07 3:37 PM PT
A Congressional subcommittee learned that the U.S. Department of Homeland Security has experienced about 800 security breaches, many in the form of computer hacking. The DHS, an organization with hundreds of separate departments, possibly suffers from not having an overall plan to address security issues, according to Khalid Kark, senior analyst with Forrester Research.
U.S. Department of Homeland Security CIO Scott Charbo was in the hot seat Wednesday, testifying before a Congressional subcommittee on the hundreds of security breaches that have occurred at various areas within his organization in the last couple of years. Some reports pin the number around 800, and they comprise everything from stolen laptops to Web site hacks.
Ironically, the problems exist at the very agency that "should be setting an example," Khalid Kark, senior analyst with Forrester Research, told TechNewsWorld. The example that DHS should be setting includes taking a comprehensive view of computer security, not just a technical one, he stressed.
Techies in Charge
"In federal government," he said, "the person in the chief security position typically is more technical. So they tend to rely quite a bit on technology." That technology, he explained, often is a point, best-of-breed solution for each particular security issue. At a governmental organization like the DHS, with hundreds of separate departments, that can mean lots of point solutions and no overall plan.
"That's what technologists do," Kark stressed.
However, the DHS was formed several years ago by merging many government agencies, each with its own culture and approach to information security. What the organization lacks is the processes and procedures necessary to support personnel attempting to comply with security policies and use the advanced technical tools available to them to keep information safe, Kark argued.
Core Issues
For example, missing laptop computers are a common security issue for industry and government alike.
"We have so many breaches that we've come to the conclusion that any sensitive information needs to be encrypted and you have to augment that by having processes where laptops are routinely backed up," Kark noted.
In fact, the DHS may have a security policy regarding laptops that provides state-of-the-art protection for the information residing on them -- on paper, that is.
"They have a policy addressing a particular security element 99.9 percent of the time," explained Kark. "The question is, are you really enforcing that policy, and how seriously?"
Thus, Scott Charbo's challenge is not a technical one, but a management one. "You don't start with technology, you start with process," Kark said.
"They have to start broadly and do a gap analysis first," Kark continued. "But right now, they're not using a coherent strategy; they're just scrambling."