Trump's cybersecurity strategy kinda makes sense, so why delay? President Trump can't read, can't accept reality, and can't take a joke. Worrying and puzzling, indeed. But here's what's got computer security experts scratching their heads: why did Donald postpone signing a new cybersecurity executive order. According to a leaked draft, the order will hold US government department chiefs …
"Trump – furious that Bannon apparently edited the national security council order without the president's knowledge before it was signed off"
By him! He's upset that he didn't read what he was signing and yet Bannon is still defect president in his administration, it's truly terrifying.
"Trump – furious that Bannon apparently edited the national security council order without the president's knowledge before it was signed off"
Well spotted, that quote, a prime example of cyber BS, Trumps thought processes only extend to nine sesond sound bytes. He would be unable to absorb a whole paragraph at the same time. I suspect he's already showing signs of neurological decay.
One may hope, perhaps even with reason, that the cybersecurity order will be more carefully thought out and better staffed, and its implementation better planned, than the partial immigration suspension order of January 27. That would cause significant delay and indicate that the new crew at the White House are learning.
Based on the leaked draft, it is fairly likely that there is a lot of pushback from some agencies over what is to be done and how fast. The DoD, mostly, will be in fairly good shape, as they began long ago to tighten the screws, manage information security, and document their status. They will not find it hard to provide status and recommendations in 60 days. While they were well short of perfect five years back when I left their employ, they were far better than the State Department through at least the end of Secretary Clinton's tenure, or the Office of Personnel Management through early 2015; they, and probably a good many other agencies would find it hard or impossible to complete the evaluation in the required period, although the recommendations might be far easier, beginning with something like "maintain up-to-date security patch status."
That's just ANOTHER ploy of a leftist media to DIRTY our Dear LEADER, Father of the Nation, Light of civilization and Restorer of the White Old Males' Supremacy!
Designing scapegoats being the favorite game of the Unpresidented, I wonder why he didn't sign this
decree... maybe his friend Vladimir told him not to do so?
My agency has undergone years of budget cuts (real ones kids) and mandates to not hire so replacements are often high-priced contract help which just exacerbates the cash shortage. Add the sort of reluctance all senior management appears to have about giving money & power to the security shop (I saw this in private industry just as strongly) and the inertia we need to overcome is pretty large. We are making progress just not fast enough.
According to Stanley Baldwin (with a leg-up from Mr Kipling), power without responsibility has been the prerogative of the harlot through the ages.
On the other hand, responsibility without power would seem to be the prerogative of the scapegoat through the ages.
You've missed the other, more obvious probability. He's campaigning for a second term. He needs the political establishment and media screaming at him in protest to maintain his anti establishment image, despite being at the top of the establishment.
Signing this will make the headlines, and he's already in them. Expect him to sign this or something else that'll make the headlines as soon as the existing bits about him get out of the media.
Which ones? Pollution, electrical interference, workers' rights, drug testing, medical standards, building standards, vehicle construction standards, aeroplane construction standards, food standards, education standards, equality, animal welfare, telecoms regulation, etc... etc...
You can't just travel back in time to 1970 by ripping stuff up, the world is more complicated 50 years later.
People who should know better are saying it's a good idea. It sounds good for five seconds until you think about it.
Well, thats the thing, isn't it? Trump supporters don't think. Trump supporters believe their 'gut' is smarter than their brain, that if they want to believe it badly enough it will be true, that truthieness beats reality every time and anything they don't understand is witchcraft & must be destroyed. The fucked up electoral system, designed to protect the slave holders from reality has put these people in charge despite them being the minority of the nation. We are screwed.
RE: "People who should know better are saying it's a good idea. It sounds good for five seconds until you think about it."
I think in a nutshell, this is the real problem. As an analogy, I once had an argument with a friend, who insisted that a true friend will stick up for his mates, regardless of what they do, because, hey, that's what friends do...
So assume you walk into a pub with a friend. The 'friend' immediately proceeds to get hammered and ugly, and starts picking fights with everyone who glances his way. You, being far less aggressive and far more sober, try to steer him away from trouble all night, but he just won't stop being a douche, and eventually, fists start to fly.
If you stick up for him, you are now fighting on behalf of a dick who deserves everything he's getting. If you don't, you're letting a 'friend' down.
I think the polarization of pro\anti Trump camps is the same sort of situation. The pro Trump crowd in this case are like the drunk's mates who walked into the pub with him. They know he's being a dick, but because they supported him in the first place, they feel they have to continue defending him, even when his crap is likely to get them into all sorts of trouble.
Either that, or they are just a bunch of politically drunk a-holes as well....
He's just waiting 'till his youngest child is old enough to interact with the media... He's seen Putin retain control for 17 years and counting, so he's only got to wait 9 years for Barron to take charge.
"I have a son. He's 10 years old. He has computers. He is so good with these computers, it's unbelievable."
"why did Donald postpone signing a new cybersecurity executive order."
Because it would have made cabinet secretaries, agency heads, network administrators, system admins, and program managers accountable for cybersecurity.
Why Windows is less secure than Linux by Richard Stiennon
And there it is! The Pro-Linux brigade hijacking a thread to spread their love of an OS that is not, yet, ready for general usage*.
An OS is only as secure as the person touching the keyboard; put a numpty that likes to click on any links shown to them in front of a Linux PC and their information will be at risk in some way.
* Until *all* the software that is available for Windows, including games, is available and as easy to install on Linux as it is on Windows, and all the features of all the available hardware (e.g. Graphic Cards) is supported by Linux, it isn't ready for general use I'm afraid.
>>"Good try. Unfortunately for your comment, it didn't happen. One post does not a hijack make."
I count four. And yours makes it five.
And now mine has made it six. It's off-topic whether it's true or false (and it's false). Could the reason you're fine with someone ham-fistedly forcing their cause into the thread be because it's a cause you're favourable to?
And there it is! The Pro-Linux brigade hijacking a thread to spread their love of an OS that is not, yet, ready for general usage*.
Excuse me:
(1) It's anti-Windows, not just pro Linux. We share the love.
(2) Define "general usage". As a desktop, sure, it has a somewhat limited utility of you need more than word processing and email, but I would not touch Windows for serving anything exposed to the Net. We've had the Net around for a while now, but it still needs training wheels fitted in the form of anti virus before it can go anywhere near a public network. I don't see Google, Amazon or Facebook use Windows servers any time soon..
That's actually a good point. Who is liable if an attacker successfully intrudes via a backdoor that you are legally required to leave open, and you are legally forbidden from admitting exists. Someone has probably pointed this out, and it's currently gone for consultation behind closed doors.
Nice! I wouldn't put it past them, not that I have any choice in the matter. My money is on Rudy not being up to speed in "Cibar Securities" yet. He still needs to check these boxes:
1) read the Children's Big 3D Book of Computers and Things (published 1988, target age 8)
2) find a stick
3) carve it into a divining rod so he can "find the cibar baddies!"
4) blame the Clintons again when that does not work as planned
"It would be better to have a separate cabinet-level cyber leader, one with the technical and policy background to offer a real contribution.”
Is there any Turnip Cabinet member who actually has the relevant technical and policy background with regard to their assigned department?
Oh, wait, they have money. Good enough for the Orange One.
Anyone who has been in admin at a serious level knows how to stay a few steps ahead of the accountability.
Give them this memo and they will say - sure - I'll accept accountability - here is my assessment of what is needed to make this shit secure (long list of stuff with budgets follows). Its called CYA and these people know that in their jobs it is their number one priority cos their bosses are all politicians who will hang their granny out to dry before taking a hit.
Radical changes in direction in large organisations take time and money and (because it is all new) no-one quite knows how much of each. You can, to a degree, reduce the cost by increasing the time but you cannot reduce the time by much no matter how much money you throw at it because the specialist resources required to fulfill complex tasks are limited.
Yeah, we get it Trump bashers. You don't like him, and you love repeating the same stupid left wing racist-elitist talking points. Too bad you can't think critically and come up with original thoughts.
The problem in the Government, and how the RMF has been implemented is in those who are "ACTUALLY" responsible for each network's security. Currently this lies with individuals who are 0-7 or SES-1 level (or above). You aren't going to hold a general officer accountable; and there are very few flag officers who are deeply knowledgeable in information security. Not to mention the fact, many times these officers aren't physically located at the same base or city the network is. Just stupid, right?
They need to go back to allowing O-6 and GS-15 level officers and perhaps even O-5/GS-14 level officers take responsibility for networks. They need to increase the number of cybersecurity red teams, as well as ensure RMF standards are implemented and organizations are funded properly to meet certification and accreditation standards. Holding commanders responsible for networks which do not meet RMF standards, or have a POAM in place to correct deficiencies.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
