Forwarded from: security curmudgeon <jericho (at) attrition.org> On Mon, 5 Oct 2009, InfoSec News wrote: : http://www.cringely.com/2009/10/the-cybersecurity-myth/ : : Listen to this post in Bob's sexy, sexy voice : http://www.cringely.com/podcast/20091002.mp3 : : Robert X. Cringely : October 2nd, 2009 : : The Department of Homeland Security (DHS) said this week it will hire : up to 1,000 cybersecurity experts over the next three years to help : protect U.S. computer networks. This was part of National : Cybersecurity Awareness Month and the announcement was made by DHS : Secretary Janet Napolitano, who also said they probably won.t need to : hire all 1,000 experts, which is good because I am pretty sure THERE : AREN'T ONE THOUSAND CIVILIAN CYBERSECURITY EXPERTS IN THE ENTIRE : FRIGGIN. WORLD!!!! This article is pretty spot-on, and amusing even. Two gripes though: 1. Using the math behind the number of CCIE's is a non-starter. Holding a CCIE isn't about 'cyber security' at all. http://www.cisco.com/web/learning/le3/ccie/index.html The Cisco Certified Internetwork Expert (CCIE) certification is accepted worldwide as the most prestigious networking certification in the industry. Network Engineers holding an active Cisco CCIE certification are recognized for their expert network engineering skills and mastery of Cisco products and solutions. 2. The big point Cringely seems to miss, is that even if there were 1000 qualified civilian security experts, then what? Let's say money was no object and DHS could manage to hire the top security people in the industry. What could they do for DHS exactly? The key here is that DHS thinks they can "help protect U.S. computer networks". Admittedly, it has been 3 or 4 years since i've gone stomping through various .gov networks, but I can't imagine the atmosphere has changed at all. The atmosphere I was familiar with between 1999 - 2006 was one where a given agency was very secluded from the rest of the government. They had no intention of allowing other .gov agencies in their house unless it came with a presidential order, warrant and armed federal agents. No, this wasn't the spook agencies and high profile names you are familiar with, these were agencies like the National Park Service or Minerals Management Service. The horror stories of inter-governmental communication are notorious to anyone who has played in one of the many .gov sandboxes. Does anyone really expect that 1000 cyber warriors sitting at DHS will be allowed to do *anything* for "U.S. computer networks" in reality? I don't. -=- Forwarded from: Richard Forno <rforno (at) infowarrior.org> & cc'd: security curmudgeon <jericho (at) attrition.org> On Oct 5, 2009, at 04:54 , security curmudgeon wrote: > This article is pretty spot-on, and amusing even. Two gripes though: Good to know great minds think alike. > 1. Using the math behind the number of CCIE's is a non-starter. > Holding a CCIE isn't about 'cyber security' at all. Yep. > 2. The big point Cringely seems to miss, is that even if there were > 1000 qualified civilian security experts, then what? Let's say > money was no object and DHS could manage to hire the top security > people in the industry. What could they do for DHS exactly? More bodies = able to do more work = able to show more activity = able to justify more requests for financial and policy authority. That's the goal of all bureaucracies. Just ask Sir Humphrey. > The horror stories of inter-governmental communication are notorious > to anyone who has played in one of the many .gov sandboxes. Does > anyone really expect that 1000 cyber warriors sitting at DHS will be > allowed to do *anything* for "U.S. computer networks" in reality? I > don't. /dons cynical hat/ But then DHS can say it too has an 31337 cyber-command, just like its DOD counterpart! And then a new joint fusion center can be created between DOD and DHS to coordinate their efforts and further reduce 'stovepiping' within the national and homeland security organisations. That means more Congressional committees will be involved (which makes Congress happy) and thus we can keep working to secure America's cyberspace, and more importantly, EVERYBODY GETS MORE MONEY TO CONDUCT MORE ACTIVITY!!!! [1] [1] "activity" =! "effective or meaningful activity" ________________________________________ Did a friend send you this? From now on, be the first to find out! Subscribe to InfoSec News http://www.infosecnews.orgReceived on Tue Oct 06 2009 - 01:36:32 PDT
This archive was generated by hypermail 2.2.0 : Tue Oct 06 2009 - 02:06:51 PDT