
Web Tidbits #1

I know there are other tools out there to find out what has been interesting on the web over the last week.  However, the overwhelming flow of information on Google Buzz and Twitter sometimes makes it difficult to keep up.  So, I am going to start a weekly post that will highlight some interesting articles from the web, mostly the blogosphere, in relation to security, cyber, and government contracting.  Don’t be surprised though if I sneak in a couple of goofy links from time to time.

Bill Puts Contractors Out of Work – NextGov
There are a ton of articles that document the government’s efforts to trim down the contractor workforce.  This particular article focuses on how the beltway bandit establishment is fighting against change that may affect their wallets.

Understanding and Selecting a Tokenization Solution: Introduction – Securosis Blog
An in-depth introduction to tokenization in enterprise applications.  I actually stumbled upon this blog a couple of weeks ago and it is well worth following.  They cover a variety of security topics including log management, network data flow, and secure application development.

Paying for Classified Security – NextGov
An article that details the $$$s spent by the federal government on information security.  Ironically enough, the costs were actually down between 2008 and 2009, although the number is still at $4.26 billion… not including what the intelligence community spends.

Nightwatch
This is less about an article and more about Nightwatch overall.  Great feed to follow to read in-depth goings-on in the rest of the world.  Most updates feature editor commentary that gives greater insight into situations such as the North Korean/South Korean submarine debacle.

Cryptography Success Story – Schneier on Security
A link to an article showcasing where encryption of a hard drive actually foiled both Brazilian authorities and the FBI.  Certainly a good thing from a protection perspective, but maybe not so good from an intelligence collecting angle.  The comments on Schneier’s blogs are always insightful (and entertaining) as well.

Jack Goldsmith and Melissa Hathaway – The cybersecurity changes we need

In today’s post, Jack Goldsmith and Melissa Hathaway contributed an article entitled “The cybersecurity changes we need”.  The authors criticize the current administration in their approach to cybersecurity and state that it is focusing on short term gains rather than the long term.

I have become a little exasperated by all of the sword rattling and cheesy commercials using the public’s fear of “taking down the power grid”.   I had hope for the article when it started:

The news is filled with scary stories about the insecurity of the computer and telecommunication systems on which our nation’s prosperity depends: malicious software planted in electricity-grid computers; rampant state-sponsored and criminal cyber-espionage and theft; and the possibility of cyberattacks on banking and transportation systems.

However, rather than make suggestions on what should be done, they take the rest of the article to criticize the administration for paying lip service to cybersecurity and policies that have been established.  I don’t necessarily disagree with that thought, but I also think it is always more useful for all if a plan, even a high level one, is proposed.

Cybersecurity (or insecurity) is DEFINITELY a threat as we all become increasingly “plugged in”.  BUT, like most topics that have billions associated with them, the hype can become quickly overblown into fears that the Chinese are hacking into the power grid on a regular basis.  A plan is all well and good, but a lack of high level influence within the administration has been a deterrent to actually getting things done.  The establishment of a cyber command, although somewhat scary due to its ties to the NSA, is a good first step.  One thing that I have learned while working in the military is that when shit hits the fan, it actually gets done.