Pentagon on manual mission to build nation-wide security database

US Defence bureaucrats are bashing numbers into a database in a bid to develop what the agency hopes will become an automated security scorecard, assessing vulnerability exposure across the country's networks and weapons systems. The scorecard is at present a manual effort to help identify vulnerabilities and propose the means …

  1. Pascal Monett Silver badge

    "almost every major US weapons system contained vulnerabilities"

    Almost ?

    So there's one that doesn't contain vulnerabilities ?

    That's a win, then !

    Which one is it ? Oh, it's the coffee planner. Oh well.

    1. Wzrd1 Silver badge

      Re: "almost every major US weapons system contained vulnerabilities"

      Yeah, the NSA doesn't contain vulnerabilities after Snowden left.

  2. Graham Marsden

    What's the betting...

    ... that someone will manage to leave this list on a laptop or USB stick in a taxi...?

    1. Elmer Phud

      Re: What's the betting...

      Or it's all just lifted with ease?

    2. Wzrd1 Silver badge

      Re: What's the betting...

      DoD instituted encryption of data at rest after the cyberattack debacle of 2008. By late 2009, encryption was ordered and instituted for all portable systems and media.

      That said, it's easier to get the data from a running system, after an idiot downloads something cool in the e-mail or goes to a compromised watering hole.

      The 2008 cyberattack was initiated by a few USB flash drives scattered in a parking lot; the idiots who configured the systems didn't follow the DoD baseline that disabled autorun and didn't bother with antivirus scan on insert.

      But, my installation didn't have that problem, as I had fought major battles to get onto the authorized DoD baseline configuration and I configured antivirus to be paranoid about what got plugged in. We still had detections from one unit coming back from an infected AOR, but detection and deletion occurred and we had the machine wiped and baselined on principle.

      The idiots were lauded as heroes for working thousands of hours of contract overtime, whereas I was the villain for not being an idiot like them.

      What can one say other than, idiots prevail only in government. Businesses taking that kind of loss sack the idiots.

      Retaining the idiots in management.

      Oh, after the DoD emptied out every US and European system administrator, plus the NSA of system administrators to clean up the mess to a tune of one billion dollars, within a month, the infection returned via the same vector - the infected drives that the idiots never scanned and cleaned.

      The second wave cleanup costs remain classified.

      But, the contracting vendor made a fortune cleaning up the mess that its workers created - twice.

  3. Frederic Bloggs

    How about this one?

    A central database accessed by 6200 people in 133 locations. It's just a boring database with a load of miscellaneous administrative data that is of no interest to anyone but us chickens. Anybody see anything that could go wrong with that?

    No? Thought not. It'll be fine.

    1. Wzrd1 Silver badge

      Re: How about this one?

      It'd be either on JWICS, an independent network that holds top secret and sensitive compartmentalized information or on SIPRnet, an independent network that holds confidential and secret information.

      Most of the information on JWICS is the stuff that would start WWIII, or more commonly, excruciatingly boring information about really mundane things discovered by classified things, how nation sponsored APT malware works, who shot JR and similar boring crap. Well, that and how to build a thermonuclear weapon, if you have access to that specialized, segregated part of the network.

      SIPRnet has the more interesting things, which nation did what, how and why that would cause trouble if it was openly disclosed, who sponsored which APT, *every* intelligence hit on where Osama bin Laden was thought to be, Apache gunship gunsight videos, a few SAS, US SF, US SEAL team, US Ranger team missions (the really interesting ones are on JWICS, the rest on SIPR), embarrassing things, such as what diplomats actually think of their foreign peers, etc.

  4. zen1

    Dear El Reg... in addition to all of my other frivolous requests, I'd like to request a dr. strangelove icon for situations just like this.

    1. Wzrd1 Silver badge

      Strangelove, no.

      An illustration of a black hole comes more accurately to mind.

      Considering this was a goal back in 2003 and has arisen from the dead again.

      No, maybe a zombie graphic would be most accurate, a zombie fail graphic.

  5. AbeSapian

    What Me Worry?

    I'm not so worried about the ICBMs as I am the fridges.
