US DHS Slammed for Infosecurity Deficiencies

What a wonderful case of “Do as I say…not as I do”.  The realistic labor and cost implications of information security have eluded the federal government for far too long.  DHS clearly does not grasp practical IT management.  There is no sound argument as to why basic blocking and tackling has not been performed.  DHS has a huge target on its back.  It must lead this fight for US government agencies and not hide from it.

Krebs – DHS Giving Firms Free Penetration Tests

I could spend a great deal of time discussing the pros and cons of this DHS program, but I won’t.  I will remain largely altruistic in my interpretation.  Penetration testing is good.  Exposing vulnerabilities is good.  Hopefully remediation is taking place and the private sector is becoming more aware and more secure.

OK, I lied.  Here is a little pessimism.  Hopefully, these assessments are taking the place of strong internal processes and hopefully they are not being used as a rubber stamp to avoid other sound security practices.

DHS Cybersecurity Staff Won’t Get Paid During Shutdown

This is disturbing considering the potential impact on financial institutions relying on the US Secret Service for financial fraud investigations and the overall need for protections around our nation’s critical infrastructure.  There are certain fights worth fighting in our nation’s capital, but these are not the chips I would choose to gamble with.