Next message: mea culpa: "[ISN] Paging Network Hijacked"
Reply From: Gary Mounfield <mani�t_private>
> Reply From: krys <krys�t_private>
>
> > DOD preps office for cyberdefense
> >
> > According to an industry source familiar with the project, about 300
> > Ph.D.-carrying reservists would work from home computers that would be
> > tied into high-speed communications links. DOD has budgeted $10 million to
>
> Is the fact that the people who will be protecting our nation's
> information infrastructure own doctorate degrees supposed to be
> comforting? I find this appalling. As most of us know, college teaches
Let's have a quick look at the facts here. The statement you're so upset
about is not from a press release or any other DoD official
communication. It is from an anonymous soruce quoted in a Federal Computer
Week article - hardly the most reliable of sources. What I took from this
was that the unit would be largely reserve-based which sounds like a very
good idea. In doing this DoD is admitting two things - 1) that it does not
have sufficient expertise in house to carry out this function and 2) that
it cannot attract the calibre of people it needs on a fulltime basis.
Almost no security professional on this list, save for a few Walter Mitty
types, is going to leave the private sector to go work for the US DoD.
Quite a few of them would qualify, or have qualified, for security
clearances and would not be adverse to "serving their country", albeit
while keeping their cushy private sector job. Who would you rather have on
this team, someone like Bruce Schneier or some kid just out of training
who got the post because of a 6 week course in systems?
> hoop-jumping and theory, with a bit of practical knowledge sprinkled on
> top for color. Who are these people, and what qualifies them as
> "cyberdefense warriors?" Some of the most skilled security
> professionals I know have never even procured a Bachelor's degree, much
> less a PhD. Who is responsible for training these people in matters of
I doubt that a formal education will be a hard requirement for the unit.
Professional standing / reputation is likely to serve the same function.
Also do bear in mind that some of the most interesting work, from a DoD
perspective, has been done by the likes of COAST and the UCDavid seclab.
Much as I hate to admit it there are some good people in academia who are
working on serious cutting edge stuff, cf some of the academic IDS
systems.
> network security? The same people who are responsible for the current
> state of military and government security? That's almost laughable.
> This smells suspisciously like a pacifier for the media and the public,
> and a means to explain away $10mil U.S. dollars. I'm not buying it.
The whole idea is that DoD is turning the whole damn thing on its head and
creating a new unit with new responsibilities. As I said above, this
amounts to a tacit admission of the failure of the current system.
We shall see.
Gary Mounfield
-o-
Subscribe: mail majordomo�t_private with "subscribe isn".
Today's ISN Sponsor: New Dimensions International [www.newdimensions.net]
This archive was generated by hypermail 2b30
: Fri Apr 13 2001 - 12:59:42 PDT