Sunday, December 21, 2008

Sense of Urgency: This is not a drill!

Where is the sense of urgency?

This article from Federal Computer Week has a knack for stating the obvious. Does this sum up where we are in regards to protecting our country from cyber-attacks?

Sorry for the snark below.

BREAKING NEWS: Cyberattack simulation highlights security challenges

Article says: The simulation also illustrated some challenges the Obama administration and next Congress will face in terms of cybersecurity, they said.

Marcus says: Challenges that we WILL face? Are we not facing them now? Have we not been facing them for years at this point? Did anyone miss the article linked below? Why did we need a joint exercise to illustrate problems that have been apparent for years?

Article says: “There was a great realization that we are all in this together,” said Gerencser. “And what got uncovered in the game is that there were interdependencies that we didn’t quite understand or appreciate before.

Marcus says: You have to be kidding me. How long have we been doing this? Are you telling me that we are being attacked and are just getting to understand interdependencies? The answer is, "YES!".

Article says: “This will be an ongoing effort,” Langevin said. “The cyberthreat itself is ever changing and ever evolving, it is going to be very difficult to stay one step ahead of it, but that’s what our goal has to be.”

Marcus says: This is such a cliche moment. I wonder how much money this exercise cost. Is this something that we didn't already know? This is my tax dollars here at work.

Quick Conservative Number crunching:

230 people for a 48-hour exercise.

230 (personnel) * 40 (billable hours per person) * $225 (hourly rate + overhead) = $2,070,000.00

It probably cost much more than that :(.

My point is that we need to have this down by now. As my friend Eoghan Casey says, "We need to establish a home-court advantage on our networks!". This article illustrates that we are spinning our wheels. This is the equivalent of being in Iraq and pretending that you are practicing at Fort Hood. This is not a drill!

On a lighter note. Have a Merry Christmas and Wonderful Holidays!

- Marcus J. Carey

1 comment:

  1. Marcus,

    Having been through one of these DHS/BAH cyber exercises there a couple of possibilities here:

    1) The exercise itself could have had such low expectations (i.e. rigged for success) that there are no profound findings. So many of the FCW cyber articles are worthless.

    2) There were some interesting findings but they were not released to avoid someone looking bad or for other obvious reasons.

    And of course both can be true.

    Merry Christmas!