Federal Websites Still Lack Basic Security

This is yet another Federal example of “Do as I say…not as I do.”  There is no excuse for the Federal government not following and meeting or exceeding the standards it sets for websites and website security.


Trump’s promise on cybersecurity: what’s been happening?

This is an important process to monitor in Washington.  I am concerned that Federal IT modernization continues to be pushed to the back burner.  There are real issues with Federal IT infrastructure that must be addressed sooner rather than later.


Lawmakers Asking What ISPs Can Do About DDoS Attacks

This is an intriguing step by Senator Warner, and it poses several follow-up questions. I am personally unsure how an ISP can govern the devices on the inside of any user’s home router or firewall. Obviously, from a technical perspective, certain outbound traffic from a home can be filtered, but it would be very difficult to determine the configuration or firmware version of the source device.

ISPs, however, are capable of assisting in the fight against DoS and DDoS attacks, depending on the architecture of their infrastructure and the investments they are willing to make to build dynamic solutions for routing and “blackholing” malicious traffic.

I am glad to see this debate coming to the forefront and receiving some well-deserved attention.  The answers, however, are not quite as clear as we would like them to be.


Obama to Appoint First Federal Chief Information Security Officer

It is about darn time.  Considering the effort and burden that federal regulations and compliance requirements have generated for the private sector, it is certainly time for our government to look inward.  The mantra of “do as I say, not as I do” does not work for IT security.