You see, my stepfather was a bookie – "turf accountant" as they're known in the old world – so, I know a little bit about the ponies. If you had a horse with excellent breeding, build, and upbringing, we'd call that a CERT – as in certain to win. If that CERT can't manage to win, or for that matter show or place, the first thing the trainer does is change its routine. If that fails, they change the jockey. And if that fails, the owner changes the trainer. Well, if Federal cyber security were a horse – CERT – I think we'd all consider it an important mount.

So let's study the form back to 1990. We've seen a lot of this colt in the paddock and the owners have pumped out a lot of paper underlining their commitment and race strategy – see Clinton's PDD 63, Bush 43's NSSC, and now Obama's 60-day Cyber Review. In the last five years, CERT has had four jockeys – Yoran, Purdy, Garcia, and Kwon. And now we have a new rider – Randy Vickers, promoted from within DHS NCSD. Since 2003, we've seen trainers come and go – Clarke, Beckstrom, and now Hathaway. In the same timeframe, the Feds have lost their FISMA religion; TIC is at best confused; and every Tom, Demetri, and Hao is galloping through our cyber defenses. Oh, and the cloud push is significantly increasing the complexity of the problem – or perhaps affording an opportunity for a new, innovative, and more elegant solution?

It's not like hackers and uniformed cyber warfare officers from competing nation states are pipping CERT at the line. At most meets we can't even get our pony into the starting gate. It's no wonder that a series of candidates have passed on the opportunity to fill Hathaway's shoes. Considering performance, to put it politely, you'd have to be crazy to take a flutter on this gee-gee. So, is CERT headed for the glue factory, and if so, why? And, what, you may ask, do I know about Fed cyber security, U.S.-CERT, NCSD, and the public-private debate on securing our nation's cyber space?

Well, I spent the longest year of my life working onsite at DHS NCSD at the GSA building at 7th and D, SW. Kiss and tell really seems to be the done thing these days – even the former vice president's firm upper lip is flapping. Without going into details, I can say that the organization was the most dysfunctional I have ever encountered in 20 years in the government IT community. Vicious infighting among the appointees, career/contractor wrestling matches, non-profit calculated ambivalence, government affairs operatives that leak like sieves to The Washington Post, directionless public-private partnership meetings, the list goes on. I sincerely hope that things have changed significantly since my time at DHS – a time when I watched the hard work and initiative of talented government professionals rewarded with distrust and derision. I believe that this dysfunctionality is the fundamental source of the national cyber security problem. If you take exception with my title – you absolutely should. However, the undeniable truth is that our failure to act appropriately is ceding control of our nation's cyber infrastructure to our adversaries.

The definition of insanity is to assume the same behavior and expect a different outcome. We have ample documentation of the problems. We have no shortage of initiative, innovation, and integrity in both the public and private sectors. Why not define a budget and challenge our best and brightest to propose a series of competing holistic solutions – and evaluate those proposals based on their merits? And then move swiftly to operationalize. It's time to completely change the race – not merely change the silks and ride on. Considering the economic gravity of America's Internet infrastructure, it's time to learn from the past – not gamble with our future.
A smaller, more expensive government. Contractors hire govies and bill them back to Uncle Sam at marked-up rates. That's been the story of the last 20 years. Well, rumors out of DHS indicate that the tide is turning. Agencies are offering contractors raises to jump the fence to government. Same job. Same office. Just change badges -- and everybody wins...except the contractor. If this turns into a trend across government -- and the momentum is certainly in that direction -- contractors are in a difficult spot. Isn't it difficult to cry foul if Uncle Sam follows your precedent? So, what does it mean for our community? We should listen for perspective from Stan Soloway and the Professional Services Council to be sure. Cyber security experts seem logical first targets for insourcing. Will we see contractors try to introduce measures to deter on-site staff from "going native"? How will unions react if alluring packages upset the balance in Fed pay scales? If the Obama administration is going to stay true to its change mantra, it needs to change a few things -- and seems to be doing so. The question is: is our appetite for change healthy, or are we biting off more than we can chew?