GovLoop

DorobekINSIDER: Issue of the week: Making cyber-security work

Welcome to GovLoop Insights Issue of the Week with Chris Dorobek… where each week, our goal is to find an issue — a person — an idea — that helped define the past 7 days… and we work to find an issue that will also have an impact on the days, weeks and months ahead. And, as always, we focus on six words: helping you do your job better.

We talked about budgets a lot this week, and specifically, the possibility of across the board cuts known as sequestration, and there has been a lot of talk about what that will mean and whether it will happen.
We looked at cloud computing with GSA’s Dave McClure to get a sense as to where things stand today, and try to get a sense as to where they are going. We looked at how you can continue being a leader, even when times are tough and you are under the microscope. Tom Fox from the Partnership for Public Service told us that it is always important to focus on the important mission.

But our issue of the week: cyber-security. This has been an issue of growing significance — for everybody. We’ve learned in recent months that many experts believe there is a cyber-war going on already, as viruses and worms like Stuxnet are used as weapons. And there is an ongoing discussion about how we defend ourselves and protect our critical infrastructures — those infrastructures upon which we are so dependent.

President Barack Obama signed an executive order earlier this month that could give the U.S. government control over the Internet. The policy, titled “Assignment of National Security and Emergency Preparedness Communications Functions,” is designed to empower certain governmental agencies with control over telecommunications and the Web during natural disasters and security emergencies. CNet reports that critics of the order are concerned with Section 5.2, which is a lengthy part outlining how telecommunications and the Internet are controlled. It states that the Secretary of the Homeland Security Department will “oversee the development, testing, implementation, and sustainment” of national security and emergency preparedness measures on all systems, including private “non-military communications networks.” And critics say this gives Obama the on/off switch to the Web.

Meanwhile, there were changes to some cyber-security proposals this week that seemed to be more of a compromise between security and privacy.

Proposals to increase cybersecurity by allowing businesses and government to share information may enjoy bipartisan support in Washington, but Americans aren’t sold on the idea, the latest United Technologies/National Journal Congressional Connection Poll finds. The National Journal reports that almost two-thirds of respondents said information-sharing should not be allowed because it would hurt privacy and civil liberties.

But the Pentagon is pushing for greater information sharing. One top Pentagon official has suggested lawmakers consider a proven set of 20 safeguards for federal networks to regulate cybersecurity in the private sector, NextGov reported.

With insights about what it all means is Rob Rachwald, director of security strategy at the security firm Imperva. He says these are challenging times because they are evolving SO quickly.


We can’t get away without mentioning that big hack on Yahoo earlier this month. Not a government story, exactly, although there were government users who were hacked, CNet reports.

Hackers exposed more than 450,000 login credentials, which appeared to be gleaned from Yahoo. The hackers said they hoped this would be taken as a wake-up call to the parties responsible for the security of the hacked site, but individuals should also see this as a warning to strengthen their own personal passwords. And there is a certain foolishness about passwords. Two CNet reporters went through the hacked passwords and looked at them by-the-numbers.
How many times do you think a sequential list of numbers was used, with “123456” by far being the most popular password? 2,295 times. There were several other instances where the numbers were reversed, or a few letters were added in a token effort to mix things up. And the number of times that ‘password’ was the password: 780 times.
Yahoo breach: Swiped passwords by the numbers.

And yes, there were feds who were impacted. CNet reporter Declan McCullagh posted some of the raw data on his Google+ page.

Of those impacted, 123 had .gov domains, 328 had .mil domains, and one had an FBI.gov domain; McCullagh says that user is an agent specializing in Homeland Security and counterterrorism who used “PA$$w0rd01” as a password.

And the PBS NewsHour has a tool where you can see if your password was exposed.

CNet’s Elinor Mills says this all shows that we are really lazy — and that it is time for companies to use basic security practices, and for individuals to use common sense with passwords.

It sure seems like we need to move beyond passwords. They tell us that each site needs its own password. I have scores of sites that I use regularly — and ones that I use occasionally… and then many many applications that I use sometimes. Is it really possible to have a different password for each and every site? And remember them all?
