To find John Crossno's comments, go to https://www.linkedin.com/company-beta/163187/
Then hit END 4 or 5 times (to cause the page to autoload more stuff) and search the page for COBOL. Beware, as he noted, they reposted it; you want the one from yesterday, not Friday (which has two comments). His are three of (to date) six comments:

The underlying research that the article references is full of false information, partly because it misconstrues the Congressional report about the OPM breaches that occurred from 2012-2015, and partly because it implies that legacy = mainframe as opposed to legacy = "a system that is out of date and obsolete", as defined by the MGT Act legislation in 2015. Mainframes and COBOL have both been consistently enhanced, improved, and kept up with technology, or led the way. They are in no way obsolete or archaic technology. While a system written in COBOL was indeed the hackers' target, the 34 documents that were taken were about the mainframe application, and some contained information from the mainframe database, but taken from file servers on the distributed network, not from the mainframe itself. The report also says that OPM was using old (legacy) technology to secure their network, and not employing then-modern technologies, like MFA, PIV, as well as available intrusion detection software, etc. It's time to leave anything mainframe related out of further discussion and research, and focus on the legacy aspects of network security. Bottom line is that COBOL is NOT causing, nor attributing to the cause of security breaches.

The research report used references mainframe and COBOL through the OPM report. Otherwise they just say legacy systems, legacy infrastructure, etc., thus implying, and leading the reader to believe, that legacy=mainframe (and COBOL), although it doesn't say that anywhere. Done on purpose that way I imagine to be able to deny they said it. Regardless, perception=reality, right?

The research talks about enhancements and improvements, investments, etc. made to legacy systems, and thus reducing the number of security breach incidents. So, I'll propose that the legacy systems and infrastructure in this article are about distributed networks, legacy desktop and file server operating systems, legacy network intrusion detection, legacy malware detection systems, and legacy authentication policies, practices, and methods... While implying that COBOL and mainframes are the cause of security breaches, and that modernization (moving off the mainframe) improves the security posture. The article, which seems to take the magical leap from the references of COBOL and mainframe to those systems being the cause of security breaches in U.S. Government systems. While it is most likely the investments in distributed systems security (intrusion detection, malware/virus scanners, updated versions of the operating systems used, probably newer network switches), use of MFA, PIV, and other security best practices, that are the real reasons why there are reductions in the number of incidents where hackers are successful.

Security is like an onion. You must use various technologies, tools, methods, practices to protect each layer; and they must be kept up to date. Failure to do so invites the bad guys into your home. Do you leave a key to your house under a mat? Do you leave the keys or combination to your safe where it can easily be found? Of course not. Do you have an alarm system on your home, possibly electronic locks, maybe some hidden cameras? Quite possibly. I sure do. Why do you treat your network, and system security any differently?
