On Thu, Jun 18, 2015 at 7:50 PM, Stephen Satchell l...@satchell.net wrote:
On 06/18/2015 10:15 AM, Nick B wrote:
I wish I had some simple solution, but I don't, it's going to require
years, probably decades, of hard work by a motivated and skilled team.
Also, a stable of unicorns.
Not to
I think one of their major issues is that they look at too much of the network
at a time. If they decided they were going to secure a particular data center
or building, they might be much better off. If they start with defending the
servers from internal as well as external threats and then
-boun...@nanog.org] On Behalf Of Naslund, Steve
Sent: Friday, June 19, 2015 8:31 AM
To: Stepan Kucherenko; nanog@nanog.org
Subject: [EXTERNAL]RE: OPM Data Breach - Whitehouse Petition - Help Wanted
I think one of their major issues is that they look at too much of the network
at a time
leap here.
-- patrick darden
-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jim Popovitch
Sent: Friday, June 19, 2015 9:12 AM
To: nanog@nanog.org
Subject: [EXTERNAL]Re: OPM Data Breach - Whitehouse Petition - Help Wanted
On Fri, Jun 19, 2015 at 9:55 AM
No I intentionally left those out. Here is why. If they would do small
incremental work, they don’t get into the areas of congressional approval and
GSA. You can just do the small incremental projects under your IT operations
budgeting. There is a big misconception that everything requires
On Fri, Jun 19, 2015 at 9:55 AM, Darden, Patrick patrick.dar...@p66.com wrote:
Good point. It's a massive job, and sometimes it is best to look at those
piecemeal. Start with small goals, and pick low hanging fruit--your example
of the server room is good. Set it up with an IDS, a
On Fri, Jun 19, 2015 at 10:43 AM, Naslund, Steve snasl...@medline.com wrote:
No I intentionally left those out. Here is why. If they would do small
incremental work, they don’t get into the areas of congressional approval
and GSA. You can just do the small incremental projects under your IT
On Fri, Jun 19, 2015 at 12:12 PM, Naslund, Steve snasl...@medline.com wrote:
There is an OM budget created for the day to day operation and maintenance
of IT systems. This is approved along with your department's budget
annually. If you classify updating equipment as an OM function (which
Wrong. I was a government (US Air Force) network engineer for over 10 years
(not a contractor, a full time employee). There is an OM budget created for
the day to day operation and maintenance of IT systems. This is approved along
with your department's budget annually. If you classify
Here is their 2013 budget
https://www.opm.gov/about-us/budget-performance/budgets/2013-budget.pdf
Glancing through it they had a 2.1B total appropriation with 90.5M dedicated to
salaries and expenses where IT would fall. It appears that their CIO also has a
multi-year fund around 70M
Here is a great quote straight out of the OPM budget of 2013.
-
Human Resources Line of Business (HR LOB)
The Human Resources Line of Business (HR LOB) leads the government-wide
transformation of HR Information Technology by
according to this. I guess their Stronger IT
Leadership is not strong enough.
Steven Naslund
Chicago IL
-Original Message-
From: Naslund, Steve
Sent: Friday, June 19, 2015 12:30 PM
To: Naslund, Steve; Jim Popovitch; nanog@nanog.org
Subject: RE: OPM Data Breach - Whitehouse Petition
On Jun 17, 2015 8:56 PM, Ronald F. Guilmette r...@tristatelogic.com
wrote:
*) The Director of the Office of Personnel Management, Ms. Katherine
Archuleta was warned, repeatedly, and over several years, by her
own department's Inspector General (IG) that many of OPM's
On Thu, 18 Jun 2015 16:34:46 -, Cryptographrix said:
From the sound of it, she ran into the ceiling of available workers that
were willing to work for the pay grade that the government offers for those
positions, which is usually much less than private industry offers and - as
a
Have to agree with Shawn on this.
If you watch her testimony in front of Congress, it is clear that she was
completely flustered at the inability to hire competent people, and the
lack of her superiors to prioritize the modernization project she had so
passionately advocated for.
When I've worked
On Wed, Jun 17, 2015 at 8:54 PM, Ronald F. Guilmette
r...@tristatelogic.com wrote:
My apologies in advance to any here who might feel that this is off
topic... I don't personally believe that it is. Frankly, I don't
know of that many mailing lists where the subscribers are likely to
care as
Having worked for several departments like this, I can assure you her
frustration was not about her inability to hire competent people or the
lack of her superiors to prioritize the modernization project. Unless you
have worked for the Federal Government it's almost impossible to understand
the
On 06/18/2015 10:15 AM, Nick B wrote:
I wish I had some simple solution, but I don't, it's going to require
years, probably decades, of hard work by a motivated and skilled team.
Also, a stable of unicorns.
Not to mention an Act of Congress. Oh, wait...
Based on prior work in this space, the problems are as follows:
0. Political appointees don't stick around for long, therefore they can
always point to the last guy as the problem. They are also gone before
the impact of the lack of security focus affects their jobs.
1. Executives and middle
Absolutely Bill,
That is always the case with the government (I have worked with them a lot).
They build lots and lots of procedure and process and dumb standards (mandatory
POSIX compliance?!?!?, that was a good one) when step one would have been to
get current firewall technology in place,
On Thu, Jun 18, 2015 at 1:15 PM, Nick B n...@pelagiris.org wrote:
Having worked for several departments like this, I can assure you her
frustration was not about her inability to hire competent people or the
lack of her superiors to prioritize the modernization project. Unless you
have
On Wed, Jun 17, 2015 at 8:54 PM, Ronald F. Guilmette
r...@tristatelogic.com wrote:
I've just started a new Whitehouse Petition, asking
that the director of OPM, Ms. Archuleta, be fired for gross incompetence.
Hi Ronald,
The core problem here is that the Authority To Operate (ATO) process
--- b...@herrin.us wrote:
From: William Herrin b...@herrin.us
The core problem here is that the Authority To Operate (ATO) process
consumes essentially the entire activity of a USG computing project's
security staff. The non-sensical compliance requirements, which if
taken literally just about
--- r...@tristatelogic.com wrote:
From: Ronald F. Guilmette r...@tristatelogic.com
I _do_ understand the point you are making. But if you are charged with
the safekeeping of untold millions of extraordinarily detailed personal
data files, and if you don't have the resources to do your job
In message cappyguwcb-r3ozythm+ywtapgdtyon+j3l6t+n0a7eaf6_c...@mail.gmail.com
Cryptographrix cryptograph...@gmail.com wrote:
If you watch her testimony in front of Congress,...
I did, actually. And it pissed me off so much that I started the
petition (to get her fired).
I encourage everybody
On Thu, Jun 18, 2015 at 04:34:46PM +, Cryptographrix wrote:
Have to agree with Shawn on this.
If you watch her testimony in front of Congress, it is clear that she was
completely flustered at the inability to hire competent people, and the
lack of her superiors to prioritize the
On Thu, Jun 18, 2015 at 11:00:00AM -0400, shawn wilson wrote:
If the argument is that she should've shut down the network or parts of it
- I wonder if anyone of you who run Internet providers would even shut down
your email or web servers when, say, heartbleed came out - those services
aren't
18.06.2015 18:00, shawn wilson wrote:
I'd actually be interested in a discussion of how much you can possibly
improve / degrade on a network that big from a management position.
That's quite an interesting topic, isn't it ?
Dilbert still has his job so it might as well be immutable. :-)
Harry Hoffman hhoffman at ip-solutions.net wrote:
I think it would be great if you were to include some source links in
your petition/email so that folks unaware of the specifics can educate
themselves in a non-partisan and factual manner.
Well, as regards to the petition itself, I can't
In message CAOxD=zU=i2umedlixoonqyw-3cf9rdff4en+kjg_sdcwdip...@mail.gmail.com
Tyler Mills tylermi...@gmail.com wrote:
This is the government... you have to put on your bizarro-economics and
bizarro-ethics glasses for the State to make sense.
It does not operate like a market. Failure results
My apologies in advance to any here who might feel that this is off
topic... I don't personally believe that it is. Frankly, I don't
know of that many mailing lists where the subscribers are likely to
care as much about network security (and/or the lack thereof) as the
membership of this list
This is the government... you have to put on your bizarro-economics and
bizarro-ethics glasses for the State to make sense.
It does not operate like a market. Failure results in people being
shuffled around, and larger budgets. Failure justifies more control and
power. People get taken down for
--- r...@tristatelogic.com wrote:
From: Ronald F. Guilmette r...@tristatelogic.com
*) The Director of the Office of Personnel Management, Ms. Katherine
Archuleta was warned, repeatedly, and over several years, by her
own department's Inspector General (IG) that many of OPM's
I think it would be great if you were to include some source links in
your petition/email so that folks unaware of the specifics can educate
themselves in a non-partisan and factual manner.
Just my $0.02.
Cheers,
Harry
On 6/17/15 8:54 PM, Ronald F. Guilmette wrote:
My apologies in advance to