Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Government Security The Almighty Buck United States

Report: DHS Failing On Cybersecurity 68

chicksdaddy writes: It's always interesting to listen to what politicians say on their way out of office — after the pressure to get re-elected and say "on message" has been lifted. Eisenhower's historic farewell address in 1961 warned Americans about the influence of the Military-Industrial Complex. Twenty years later, Jimmy Carter warned of the distorting influence of "single-issue groups and special interest organizations" on the political process. And, this week, outgoing Sen. Tom Coburn (R-OK) used his final days in office to issue a blistering report on the Department of Homeland Security. Coburn argued that DHS was failing on each of its five, critical missions, among them: cyber security.

The report, "A Review of the Department of Homeland Security's Missions and Performance (PDF)," was released on Saturday. In it, the outgoing Senator said that DHS's strategy and programs "are unlikely to protect us from the adversaries that pose the greatest cybersecurity threat."

Despite spending $700 million annually on a range of cybersecurity programs, Coburn said it is hard to know whether the Department's efforts to assist the private sector in identifying, mitigating or remediating cyber incidents provide "significant value" or are worth the expense. DHS programs are still heavily weighted towards software vulnerability mitigation, Coburn says, an activity that "will not protect the nation from the most sophisticated attacks and cybersecurity threats."
This discussion has been archived. No new comments can be posted.

Report: DHS Failing On Cybersecurity

Comments Filter:
  • No it isn't! (Score:3, Insightful)

    by Anonymous Coward on Tuesday January 06, 2015 @08:46PM (#48751005)

    It's doing exactly what it was intended to do: bilk appropriations to well connected people and Corporations in the name of National Security. If anyone EVER thought it was something other than that, they're far too naive for the present reality!

  • by ISoldat53 ( 977164 )
    I would believe this more if it weren't coming from Tom Coburn.
    • Re: (Score:3, Insightful)

      by Anonymous Coward
      Tom Coburn isn't all bad. I believe that people with medical degrees who have taken the hypocratic oath make pretty good leaders. They often seem genuinely concerned with the welfare of people. Lawyers often get too involved with winning against the adversary. Tom definitely can grandstand and play politics, but he also seems to genuinely believe in what he is doing and care about people.
      • Coburn cares more about figures in a ledger book than about people suffering needlessly just so his budget looks pretty to him.

  • by Anonymous Coward

    Just ask the NSA on how good we are at spying on ourselves. But we seem to be looking at ourselves as the biggest threats when in fact our enemies have been accruing more and more technology and intelligence to attack what would hurt the US the most, commerce. People have said for decades that the US is too cozy with China and that makes us vulnerable. The US used to make almost everything it consumed in commerce and now we have lost that edge and even in technology and its security we seem destine to ignor

    • In it, the outgoing Senator said that DHS's strategy and programs "are unlikely to protect us from the adversaries that pose the greatest cybersecurity threat."

      DUH! DHS and the NSA are the greatest threats to American cybersecurity.

  • by Snotnose ( 212196 ) on Tuesday January 06, 2015 @09:18PM (#48751145)
    Take a bunch of overly bureaucratic organizations that have needed weeding out for decades, create a huge new bureaucracy to oversee them all, and WTF can you expect?

    / Bush was the worst president in my 50+ year lifetime
    // Homeland security never made any sense to me
    /// I vote Republican prolly 70% of the time
    • You sir have restored my faith in humanity.

    • by AHuxley ( 892839 )
      It was such a good idea. Replace all the well paid union workers sitting around at small and remote sites with new computer systems and cheap networks.
      Less staff cost, less union workers and a few experts could care for a larger system of networked equipment over wide areas.
      So a lot of once secure air gapped sites where connected with low cost networks and everything seemed ok. Fewer on site workers, the same oversight and maintenance.
      Now for the next huge boondoggle. Remote site security upgrades.
  • by Anonymous Coward

    People fail to realize that if it wasn't for the Department of Homeland Security, Al Qaeda would be flying airplanes into buildings every single day. Mind you, I wouldn't shed a tear if a million white people died, but just think of all the African-Americans that the DHS is protecting. God bless the DHS.

  • The *LAST* thing we need is DHS thinking that they know security better than computer professionals. This article is just an invitation to get DHS to install "protection" software onto our PCs, or otherwise screw up the internet.
  • by bouldin ( 828821 ) on Tuesday January 06, 2015 @10:02PM (#48751455)

    Why does anybody care what a 66-year-old doctor from Wyoming thinks about information security?

    The report criticizes the DHS as ineffective at "cybersecurity" because of.. zero days or something.

    It's clear that neither Coburn, nor the author of the report, understands infosec or how it is different from kinetic war. You can't amass troops or use force. It's very difficult to even know who attacked you.

    You can do something like building defensive lines, but that's exactly what the report criticizes.

    • Even a stopped clock is right twice a day.
    • DHS isn't very effective at cybersecurity - but not for the reasons he cites (something about stopped clocks being right twice a day comes to mind).

      First, when it comes to 'cybersecurity', they have no actual authority. The best they can do is suggest and advise. I'm not saying they should have authority to make anyone fix vulnerabilities or whatever, I'm just pointing out that you can't really expect that they'll be effective at protecting X if the people in charge of X don't have to listen to a word they
  • You won't normally find me talking about the federal government being very effective at anything, but they have done some things right with cyber security. For example, their series of free online classes covering cyber security is much better than I would have expected.

    Of course they did contract that out to a STATE agency, and a rather unique one that whose budget process and operations is more like a private business - if people don't like the product (the classes), the agency doesn't get paid. So mayb

  • "Senator arguing that DHSâ(TM)s $700 million cybersecurity budget could better be spent elsewhere."

    A $700 million budget alone is evidence that they are way off target. The mission should be fairly narrow and focused and require only relatively small staff. The private sector does fine in most security area's. They just need to fill the gaps that are outside the scope of the private sector. Pick 8-10 real priorities do those really well and just cut everything else. Considering the FBI/NSA isn't even p

    • by TheCarp ( 96830 )

      > What exactly do they need to do that couldn't be done with a staff of two or
      > three hundred good people and a $150-$200 million budget? WTF

      create jobs. That is really all it has been about for a while. Shit go all the way back to prohibition and we got beginings of the drug war partially from efforts made by people who were basically looking to lose their jobs with nothing to do now that alcohol was legal.

      Their role is to create jobs and use as much budget as possible because the more they spread ar

  • Everytime the word "Homeland" is used, we should post reminders of how eerily familiar these Sophistries are to Hitler's own:

    Motherland, homeland, fatherland terrorism, terror cells. [] None of this shit is new. The communists did it too.

    • by sconeu ( 64226 )

      Remember, KGB stood for "Ministry for State Security".
      Sounds a hell of a lot like DHS, doesn't it?

  • Every time I hear bureaucrats rumbling about "cyber security" only thing that comes to mind are schemes to legalize spying "for our own good" ... Still seeing politicians getting airtime rambling about legislation to indemnify corporations for "sharing" information with the government not letting the Sony opportunity go to waste.

    The military industrial complex has countless billions of dollars at its disposal and the only constructive thing I've seen out if it is US-CERT mailing list which for the most part

  • obscure, poorly-defined, well-funded, with no vested constituency. what could possibly go wrong.

  • Hold on... I work in the private sector in info sec. DHS is nominally spending $700M annually on trying to provide value for the private sector? Huh? DHS doesn't provide value for anyone, as far as I know, much less the private sector. What kind of hallucinatory BS is this?
    • "What kind of hallucinatory BS is this?" don't know, but I'll bet that's where the $700M went. LSD isn't $4 a hit these days, even shrooms are at $15-$25 per gram. Hallucination-inducing pharmaceuticals aren't cheap.
  • The thing is, the task of the Department for State Security (their true designation) is not tasked with protecting any citizens or cooperations. Their task is to protect the state and its bureaucracy, by funneling billions of dollars to people with the "right" beliefs. And, as the budget numbers show, they are not failing at that at all.

"Don't worry about people stealing your ideas. If your ideas are any good, you'll have to ram them down people's throats." -- Howard Aiken