It’s Only Sensitive … So Let DHS Get Hacked

August 10th, 2009 Winn

I’ve been doing this for a long time, and the latest hack into a Department of Homeland Security (DHS) coordination and planning network was really no surprise. If it wasn’t them it was going to be… what? Some nation-state still screwing with the FAA systems (with 3,800+ holes)… and that’s really bad.

Back in 1987, Congressmen Glickman and Valentine were the point men on the CSA, Computer Security Act of 1987. (This is the committee that told me cyberwar was a figment of my imagination.) One major goal of the Act was called “C2 by ’92.”

In the old security parlance of the Orange Book, C2 security was good enough for “sensitive but unclassified” information. Big push. Big initiatives. Big goose egg of security tongue wagging.

So DHS is downplaying this sensitive but unclassified hack as, “no information can be posted on Homeland Security Information Network (HSIN) that would cause anything more than minor damage to the homeland security mission.”

I am sorry. No, they should be!

Any data leak is potentially monstrous. So this data was C2. Fine. Then another C2-level hack here and another there… and you glue together all of the data from these hacks and suddenly the amalgamated data is MJ-12 (alien technology) secret. OK, you get the point.

Data in isolation may seem worthless, but a cut, a snip and a paste later you’ve got yourself a database worth boatloads to the bad guys.

What is even worse is that these days, the flipping DHS can’t practice Security 101 and avoid getting hacked? It’s not that hard… if you let the geeks do their jobs.

I find it immeasurably embarrassing that the guys and gals who are supposed to protect us can’t even protect themselves to the most minimal standards.

Of course the public information doesn’t say whether the situation was caused by a poorly configured machine (of what OS, by the way), unpatched vulnerabilities or the same type of criminal stupidity that allowed the details of Obama’s Helo to get into the hands of the Iranians.

Come on people: every bit of data is valuable. Just because you don’t see that doesn’t make it any less true.

Photo Credit: Raymond Yee