A View from Simson Garfinkel
Even Homeland Security Dept. Can't Secure Its Computers
the House of Representatives’ Committee on Government Reform has given DHS an “F” for its internal computer security, according to this report by Robert Lemos in C|Net News.com.”For too long now information security has taken a back seat in the…
the House of Representatives’ Committee on Government Reform has given DHS an “F” for its internal computer security, according to this report by Robert Lemos in C|Net News.com.
“For too long now information security has taken a back seat in the collective conscience (sic) of our nation,” said a statement from Rep. Tom Davis, R-Va., the committee chairman. “We must come to the stark realization that a major Achilles heel is our computer networks.”
Perhaps, but for the short term, at least, terrorists will find it much more effective to blow up buildings than to hack into computer networks. Which do you think would have a bigger impact on our economy? A “super hacker” who manages to shut down the US portion of Internet for a day, or a terrorist who sets off three small package bomb and kills some shoppers in three different suburban malls?
Yes, the possibility exists for doing significant damage by computer, but right now the easy money is on physical attacks.
“The culture of our top-level CEOs in the private sector, and top executives in government, must be changed,” Davis said in the statement. “We must get those at the very top, the decision makers, the ones accountable to the shareholders, the customers or the electorate, to recognize that lack of network security in an organization is a material weakness and one that deserves necessary resources and immediate action.”
Given relative costs and benefits, one could argue that top-level CEOs are doing precisely the right thing — maximizing short-term profit.