[NNagain] cybersecurity is not a talent problem
Dick Roy
dickroy at alum.mit.edu
Thu Nov 9 01:21:31 EST 2023
Your points are mostly if not all quite valid. And so is Paul's. AFAICT, you are speaking ex post facto, which is perfectly fine given that we all live "ex post facto". IMO, Paul's point is that going forward the thinking must change from "filling security holes when you find them" to "do your best to eliminate the ability to dig holes in the first place." Thus, your arguments have merit "ex post facto", and Paul's have merit "a priori". So ... you are both right!
RR
-----Original Message-----
From: Lee [mailto:ler762 at gmail.com]
Sent: Wednesday, November 8, 2023 6:26 PM
To: dickroy at alum.mit.edu; Network Neutrality is back! Let´s make the technical aspects heard this time!
Subject: Re: [NNagain] cybersecurity is not a talent problem
On Wed, Nov 8, 2023 at 7:58 PM Dick Roy via Nnagain wrote:
>
> Yes, today one can argue that there is a shortage of talent, however Paul's point was that that is not the first problem to solve, in fact the problem that must be solved first is:
>
> "We're in a hole, here, folks. The first thing we should do is: stop digging."
>
> ... and he is right IMHO!
If Katherine Archuleta had enough talent to heed the warnings from the
IG there's a chance there wouldn't have been a breach. The
organization should have been well past the "stop digging" phase when
the breach occurred.
> > https://www.linkedin.com/pulse/lack-talent-problem-cyber-paul-vixie/
> > Nothing that happened at OPM, or failed to happen at OPM, was the fault of its leadership team.
Wrong. At the very least, management should have been closing the
holes that had been identified.
Again, looking at
https://oversight.house.gov/wp-content/uploads/2016/09/The-OPM-Data-Breach-How-the-Government-Jeopardized-Our-National-Security-for-More-than-a-Generation.pdf
on page 6
How the Breach Happened. Despite this high value information
maintained by OPM, the agency failed to prioritize cybersecurity and
adequately secure high value data. The OPM Inspector General (IG)
warned since at least 2005 that the information maintained by OPM was
vulnerable to hackers.
The leadership team ***was warned***. Given that they "failed to ...
adequately secure high value data", how is whatever did or didn't
happen at OPM _NOT_ the fault of the leadership team?
I'll agree that
> > Katherine Archuleta should not have had to ... be an expert on "cyber" security
But she _did_ need to listen to the experts that were warning her
about how bad security was. And she needed enough talent to realize
that she should heed the warnings from her cyber security experts.
> and also because she had a reasonable expectation that somebody, somewhere, knew how completely and ruinously bad all of the IT (Information Technology) in the world was, and would have told her that there was no safety anywhere except on paper, in filing cabinets, guarded by the U.S. Military.
Seriously? There is no absolute security so no matter how much
leadership ignores warnings, or how bad the security is in the
organization they're running, it's not their fault when a security
breach happens?
Do you really buy that? Would you be OK with your bank or any other
organization that has your PII thinking like that?
Speaking of which.. How do you feel about Equifax? Oh well.. nothing
that could have been done, they should have been put out of business
or something in between?
Regards,
Lee
>
> RR
>
> -----Original Message-----
> From: Nnagain [mailto:nnagain-bounces at lists.bufferbloat.net] On Behalf Of Lee via Nnagain
> Sent: Wednesday, November 8, 2023 2:47 PM
> To: Network Neutrality is back! Let´s make the technical aspects heard this time!
> Cc: Lee
> Subject: Re: [NNagain] cybersecurity is not a talent problem
>
> On Wed, Nov 8, 2023 at 2:22 PM Dave Taht via Nnagain wrote:
> >
> > Paul Vixie reposted this old piece of his, even more relevant today, than 2015.
> >
> > https://www.linkedin.com/pulse/lack-talent-problem-cyber-paul-vixie/
>
> I disagree. With a lot, but let's just go with this
> > The "cyber" security problems that the US Government, and every other government, and every large and medium enterprise are all coping with today do not stem from lack of "cyber" talent.
>
> Take a look at
> https://oversight.house.gov/wp-content/uploads/2016/09/The-OPM-Data-Breach-How-the-Government-Jeopardized-Our-National-Security-for-More-than-a-Generation.pdf
>
> on page 9:
> The bottom line. The longstanding failure of OPM's leadership to
> implement basic cyber
> hygiene, such as maintaining current authorities to operate and
> employing strong multi-factor
> authentication, despite years of warnings from the Inspector General,
> represents a failure of
> culture and leadershit, not technology.
>
> There is no substitute for talent.
>
> Regards,
> Lee
> _______________________________________________
> Nnagain mailing list
> Nnagain at lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/nnagain