Re: DHS official suggests sharing resources to mitigate cyberattacks

[InfoSec News <alerts () infosecnews org>]

Forwarded from: Richard Forno <rforno (at) infowarrior.org>

YAWN.  More "information sharing" ideas being proposed....which makes it 
what, 15 years this has been brought up regularly as a major solution to 
help fix our cybersecurity problems? Didn't the IPTF, PCCIP and any 
number of white papers, reports, think tanks, and such since the mid-90s 
already make such recommendations?  Einstein had a term[1] for doing the 
same thing over and over while hoping for a different outcome.

Sharing data is useless unless folks (ie industry or gov) act upon it 
promptly .... or at least remedy their underlying vulnerabilities that 
allow Bad Things(tm) to happen, which they won't since it "costs too 
much."

The article cites the DHS guy saying that DDOS attacks have "been an 
eye-opening experience for a lot of very, very large organizations," 
W.T.F....F?  We've been sounding the alarm on this since at least 1999, 
seen a bunch of high-profile incidents in the years since, and it's 
*still* an "eye opening" experience for business?  That banks "may not 
have the capacity" (to deal with them) in 2012?  Whose fault is that? 
Who do we blame when Bad Things(tm) Happen?  Ahem, 1999 called, it wants 
its news cycle back!!

IMHO this vaunted Executive Order on Cybersecurity that's got the DC 
cyber-crowd all excited these days won't make one iota of difference in 
the grand scheme of things....but there are those who think it will, 
because to them "something" is better than "nothing."

Einstein really nailed it with that term [1], I think.

-- rick

[1] Idiocy.



On Oct 22, 2012, at 02:51 , InfoSec News wrote:

> http://www.computerworld.com/s/article/9232614/DHS_official_suggests_sharing_resources_to_mitigate_cyberattacks
>
> By Martyn Williams
> IDG News Service
> October 19, 2012
>
> Groups of companies in the same industry could pool infrastructure resources 
> to help each other mitigate the effects of cyberattacks and work together on 
> security issues, a senior official in the U.S. Department of Homeland 
> Security suggested on Friday.
>
> The comments by Mark Weatherford, deputy undersecretary for cybersecurity, 
> come as a handful of American banks are dealing with a fourth week of DDoS 
> (distributed denial-of-service) attacks on their websites.
>
> DDoS attacks are one of the simplest forms of cyberattack and seek to push 
> websites offline by overloading them with junk traffic so they cannot handle 
> legitimate requests from users.
>
> The attacks have hit banks including Wells Fargo, U.S. Bancorp, PNC Financial 
> Services Group, Citigroup, Bank of America and JPMorgan Chase, and have been 
> claimed by hackers in Iran.
>
> [...]
>
>
> ______________________________________________
> Visit the InfoSec News Security Bookstore
> Best Selling Security Books and More!
> http://www.shopinfosecnews.org


---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.



______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org