Aren't the largest breaches in the non government sector, still?  

 

> AndreaMoore (Community Manager) posted a new topic in Industry News on

>   What are your thoughts on the recently issued Executive
> Order on Improving the Nation’s Cybersecurity?

Every incoming US president creates a security/information security/cybersecurity
panel. They get a bunch of CEOs, and a few people who know what they are
doing, and sit around for three years, and then produce a report. I assume that the
executive order is just speeding up the process by recycling the old reports, since
they are always the same.

>   Removing Barriers to Sharing Threat Information

One of the things that they always do is say that there should be more sharing of
information. This is always hailed by industry leaders, until they realize that what
the government means by "sharing" information is that you tell the government
everything, and the government tells you nothing.

> How impactful do
> you feel these directives will be?

At the end of this line there is a dot that is the size of the impact this order will
make

======================
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
"If you do buy a computer, don't turn it on." - Richards' 2nd Law
"Robert Slade's Guide to Computer Viruses" 0-387-94663-2
"Viruses Revealed" 0-07-213090-3
"Software Forensics" 0-07-142804-6
"Dictionary of Information Security" Syngress 1-59749-115-2
"Cybersecurity Lessons from CoVID-19" CRC Press 978-0-367-68269-9
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs: [Base URL]mnbksccd.htm
PC Security: [Base URL]mnvrrvsc.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
http://en.wikipedia.org/wiki/Robert_Slade
https://is.gd/RotlWB http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

Let me know when they will pass GDPR for the US? Many places need the possibility of heavy fines in order to start getting their houses in order..

 

John-

Having spent 25 years in the US federal government I can tell you this. The best and brightest minds are not working there, especially since I left (HAHAHAHAHA!). The problem is that they cannot afford the best talent because of the archaic HR system and incompetent HR practitioners. And also archaic procurement rules. I switched multiple federal jobs due to HR incompetence. Why did I stay for so long you may ask? Simple. Job security. It was comfortable and reliable. I watched as coworkers sitting right beside me as contractors made 50K/year more than me for doing the same job, well without the fact that I had to approve their work. I saw plenty of lucrative positions that I didn't want to take the risk on since I had a young family. Now that they are almost grown and out of the house, I plan to make the jump and take more risks. I saw plenty of bright young talent leave after gaining a few years experience for more lucrative positions that we in the federal government couldn't match. You really want to fix US government cybersecurity? Pay more. Be able to fire the poor performers. In my 25 years of US federal service I saw plenty of incompetent workers able to keep their job because they were either protected by unions or there were plenty of old HR rules to make it nearly impossible to get rid of poor performers. 

 

Seems like there is always money available AFTER an incident than there was before. So you have to have a crisis to get better. Add in to that the disjointed nature of the myriad of government agencies, you see the same money being spent multiple times by different agencies to solve THE SAME PROBLEM!

 

And don't get me started on the antiquated technology being used.

 

Information sharing???? out of the 16 intelligence agencies, exactly 0 trust the other agencies with their gathered intelligence and only share sparingly or when forced to. No agency wants to be eliminated because another agency is doing the same job and gathering the same data. Plus they all want to feel special and unique.

 

They should have just hired me for a large salary and I could have fixed it all for them. But their budget is only so big, and HR says I haven't held "high" enough positions or their computer screened me out because I didn't check the right boxes or the HR practitioner doesn't understand what a CISO or CIO actually does and can't relate my experience to the position or I didn't put the exact right keywords in my resume, etc. etc.