Lessons Can Be Learned From Homeland Security Weaknesses - InformationWeek


Companies can learn a few lessons from the security missteps and weaknesses at the Department of Homeland Security. Here are some tips to reduce your vulnerability.

As bad as information security may be at the Department of Homeland Security, the situation should act as a good lesson for IT and security managers on the corporate side.

In a congressional hearing on Wednesday afternoon, congressmen and government officials took a hard line with the Department of Homeland Security and its CIO, Scott Charbo, over the number of security vulnerabilities and breaches that have plagued the agency. And this isn't just any government agency. The DHS is an umbrella agency that is in charge of preventing terrorist attacks within the United States. In that vein, it's set up to be the leader in the country's cybersecurity.

Wednesday's hearing, though, highlighted some pervasive problems in the department's network -- infected desktops, unauthorized laptops connected to the network, classified e-mails sent over unclassified networks, and classified "data spillage."

Keith A. Rhodes, chief technologist at the U.S. Government Accountability Office and the man considered to be the feds' top hacker, said in an interview that the spotlight on security weaknesses at DHS should be a wake-up call because none of them are government-agency specific. They're problems that any company could be suffering from.

"They should be thinking about this," he said, adding that there are four major areas that CIOs and CSOs should be focusing on.

  1. Don't Be Cheap -- If you're in a position of authority, you've got to understand that you've got to put some money into this. It does not have to break the bank, but it does not come for free. CIOs and CSOs have to have a budget and they have to have the backing of the board. The board has to understand that they have something to lose.

  2. IT Must Talk To The Users -- IT managers and the IT workers down in the trenches need to understand what it is they're protecting. They're not just protecting boxes and machines. The people who are running the system have an obligation to talk to the users to understand the value of the information they're protecting. What is this information? How critical is it? Based on the value of certain information, they might, for instance, decide they need two-factor authentication in certain areas.

  3. Users Need To Be Vigilant -- Users need to understand that they have a mission -- a part to play in protecting their company. They need to keep their eyes and ears open about what's going on in the system and be aware of things that don't look right. A user has to notice when systems operate differently than normal. They have an obligation to tell someone if they are in the middle of doing something and the system logs them out and then asks them to log back in again. That could be a sign that someone is inserting a fake log-in screen to capture passwords.

  4. Get Legal Involved -- The company has to understand what it can and cannot do in order to protect its systems. How can they appropriately and legally monitor employees? How do they go about collecting evidence after a breach? What is the company's relationship to local law enforcement and the FBI?
