Lessons Can Be Learned From Homeland Security Weaknesses - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Lessons Can Be Learned From Homeland Security Weaknesses

Companies can learn a few lessons from the security missteps and weaknesses at the Department of Homeland Security. Here are some tips to reduce your vulnerability.

As bad as information security may be at the Department of Homeland Security, the situation should act as a good lesson for IT and security managers on the corporate side.

In a Congressional Hearing on Wednesday afternoon, congressmen and government officials took a hard line with the Department of Homeland Security and its CIO, Scott Charbo, over the number of security vulnerabilities and breaches that have plagued the agency. And this isn't just any government agency. The DHS is an umbrella agency that is in charge of preventing terrorist attacks within the United States. In that vein, it's set up to be the leader in the country's cybersecurity.

Wednesday's hearing, though, highlighted some pervasive problems in the department's network -- infected desktops, unauthorized laptops connected to the network, classified e-mails sent over unclassified networks, and classified "data spillage."

Keith A. Rhodes, chief technologist at the U.S. Government Accountability Office and the man considered to be the fed's top hacker, said in an interview that the spotlight on security weaknesses at DHS should be a wake-up call because none of them are government-agency specific. They're problems that any company could be suffering from.

"They should be thinking about this," he said, adding that there are four major areas that CIOs and CSOs should be focusing on.

  1. Don't Be Cheap -- If you're in a position of authority, you've got to understand that you've got to put some money into this. It does not have to break the bank, but it does not come for free. CIOs and CSOs have to have a budget and they have to have the backing of the board. The board has to understand that they have something to lose.

  2. IT Must Talk To The Users -- IT managers and the IT workers down in the trenches need to understand what it is they're protecting. They're not just protecting boxes and machines. The people who are running the system have an obligation to talk to the users to understand the value of the information they're protecting. What is this information? How critical is it? Based on the value of certain information, they might, for instance, decide they need two-factor authentication in certain areas.

  3. Users Need To Be Vigilant -- Users need to understand that they have a mission -- a part to play in protecting their company. They need to keep their eyes and ears open about what's going on in the system and be aware of things that don't look right. A user has to notice when systems operate differently than normal. They have an obligation to tell someone if they are in the middle of doing something and the system logs them out and then asks them to log back in again. That could be a sign that someone is interjecting a fake log-in screen to capture passwords.

  4. Get Legal Involved -- The company has to understand what it can and cannot do in order to protect its systems. How can they appropriately and legally monitor employees? How do they go about collecting evidence after a breach? What is the company's relationship to local law enforcement and the FBI?

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
IT Careers: 10 Industries with Job Openings Right Now
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/27/2020
How 5G Rollout May Benefit Businesses More than Consumers
Joao-Pierre S. Ruth, Senior Writer,  5/21/2020
IT Leadership in Education: Getting Online School Right
Jessica Davis, Senior Editor, Enterprise Apps,  5/20/2020
White Papers
Register for InformationWeek Newsletters
The State of IT & Cybersecurity Operations 2020
The State of IT & Cybersecurity Operations 2020
Download this report from InformationWeek, in partnership with Dark Reading, to learn more about how today's IT operations teams work with cybersecurity operations, what technologies they are using, and how they communicate and share responsibility--or create risk by failing to do so. Get it now!
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
Flash Poll