Is FEMA The Best Group To Model A Cybersecurity Agency After?
from the proactivity dept
There's been a lot of talk about the cybersecurity policy actions the Obama administration will undertake, with few clear ideas on exactly what such a policy should entail, or what powers the much-discussed cybersecurity "czar" should have. One of the supposed leading candidates for the czarship says that what the country really needs is "a FEMA for the internet" that can coordinate responses to electronic attacks and problems. The wisdom of invoking the idea of another FEMA doesn't seem too wise, given the agency's rather tarnished reputation following its ham-fisted response to Hurricane Katrina and other disasters, but leaving that aside, there may be deeper issues. FEMA's role is largely preparedness for and reaction to natural disasters; shouldn't a cybersecurity agency be focused more on prevention than reaction? The idea of something like FEMA makes sense in the context of natural disasters and emergencies, since they are largely unpreventable and inevitable. But isn't cybersecurity an area in which prevention of disasters and attacks is arguably more important?Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cybersecurity, fema, government, politics
Reader Comments
Subscribe: RSS
View by: Time | Thread
Are you sure this wasn't a line from the Simpsons?! The Onion?!
[ link to this | view in chronology ]
REX 84 & FEMA
http://uweb.txstate.edu/~lf14/conspire/rex84.html
[ link to this | view in chronology ]
Re: REX 84 & FEMA
"The first targets in any FEMA emergency would be Hispanics and Blacks."
I love a good conspiracy theory as much as the next guy, but whoever authored this pile of shit could at least take a minute to update his/her racial profiling targets to include the pariah ethnicity du jour.
Never mind, I'm probably screaming at the deaf here.
[ link to this | view in chronology ]
Re: Re: REX 84 & FEMA
I see you chose to ignore:
The first targets in any FEMA emergency would be Hispanics and Blacks, the FEMA orders call for them to be rounded up and detained. Tax protesters, demonstrators against government military intervention outside U.S. borders, and people who maintain weapons in their homes are also targets.
There is nothing racist about that comment. Stop being a fool by trying to discredit someone by labeling them a bigot. STRAWMAN
FEMA - The Secret Government
By Harry V. Martin with research assistance from David Caul
http://www.sonic.net/sentinel/gvcon6.html
http://www.sonic.net/sentinel/wrprof.html
There are more than enough articles about REX84. If you choose to ignore them then that makes you an average American.
[ link to this | view in chronology ]
Re: Re: Re: REX 84 & FEMA
Once I worked with a guy who was so convinced that USA has satellites capable of creating earthquakes that he almost kicked my ass when I couldn't stop laughing at him.
I have no beef submitting to the likely existence of these measures. But the conclusions drawn are just beyond anything I have giggled at in a long time.
600 empty prisons. Well, at least the guards have a job in this economy :D
[ link to this | view in chronology ]
Re: Re: Re: Re: REX 84 & FEMA
Terry Kings wrote an article on his discoveries of camps located in southern California. Here are some of his findings:
The first camp we observed was in Palmdale, California. It is not operating as a prison at the moment but is masquerading as part of a water facility. Now why would there be a facility of this nature out in the middle of nowhere with absolutely no prisoners? The fences that run for miles around this large facility all point inward, and there are large mounds of dirt and dry moat surrounding the central area so the inside area is not visible from the road. There are 3 large loading docks facing the entrance that can be observed from the road. What are these massive docks going to be loading?
We observed white vans patrolling the area and one came out and greeted us with a friendly wave and followed us until we had driven safely beyond the area. What would have happened had we decided to enter the open gate or ask questions?
This facility is across the street from the Palmdale Water Department. The area around the Water Department has fences pointing outward, to keep people out of this dangerous area so as not to drown. Yet, across the street, the fences all point inward. Why? To keep people in? What people? Who are going to be it’s occupants?
There are also signs posted every 50 feet stating: State of California Trespassing Loitering Forbidden By Law Section 555 California Penal Code. The sign at the entrance says: Pearblossom Operations and Maintenance Subcenter Receiving Department, 34534 116th Street East. There is also a guard shack located at the entrance.
We didn’t venture into this facility, but did circle around it to see if there was anything else visible from the road. We saw miles of fences with the top points all directed inward. There is a railroad track that runs next to the perimeter of this fenced area. The loading docks are large enough to hold railroad cars.
Another site is located in Brand Park in Glendale. There are newly constructed fences (all outfitted with new wiring that point inward). The fences surround a dry reservoir. There are also new buildings situated in the area. We questioned the idea that there were four armed military personnel walking the park. Since when does a public park need armed guards?
A third site visited was in the San Fernando Valley, adjacent to the Water District. Again, the area around the actual Water District had fences logically pointing out (to keep people out of the dangerous area). And the rest of the adjacent area which went on for several miles was ringed with fences and barbed wire facing inward. Also interesting was the fact that the addition to the tops of the fences were fairly new as to not even contain any sign of rust on them. Within the grounds was a huge building that the guard said was a training range for policemen. There were newly constructed roads, new gray military looking buildings, and a landing strip. For what? Police cars were constantly patrolling the several mile perimeter of the area.
From the parking lot of the Odyssey Restaurant a better view could be taken of the area that was hidden from site from the highway. There was an area that contained about 100 black boxes that looked like railroad cars. We had heard that loads of railroad cars have been manufactured in Oregon outfitted with shackles. Would these be of that nature? From our position it was hard to determine.
In searching the Internet, I have discovered that there are about 600 of these prison sites around the country. They are manned, but yet do not contain prisoners. Why do they need all these non-operating prisons? What are they waiting for? We continuously hear that our current prisons are overcrowded and they are releasing prisoners because of this situation. But what about all these facilities? What are they really for? Why are there armed guards yet no one to protect themselves against? And what is going to be the kick-off point to put these facilities into operation?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: REX 84 & FEMA
[ link to this | view in chronology ]
But ...
Just imagine what it would be like if they designed the 'perfect' security system and so didn't worry about what they would do if it got breached because that is "impossible." They'd be caught with their proverbial pants around their ankles and the hacker would ravage their system as he/she/it wanted to.
So FEMA might be a bad model to work from but don't you dare just focus on prevention, you must work to prevent security breaches but you better have a backup plan
[ link to this | view in chronology ]
That's because the federal government just isn't equipped - nor should they be - to take the lead in recovery from a natural disaster. Katrina was a mess because no one local took charge. They waited for the federal agency to come take over.
That is precisely why no computer network should be reliant on federal aid. FEMA exists to help local leaders. What sort of help would a federal agency provide to local network admins? Why should they? It really sounds like you're accepting the premise that the government might actually have a role, but I don't see a reason to accept that.
[ link to this | view in chronology ]
FEMA hasn't always been a joke
But honestly, FEMA has not always been a terrible joke. You will get this problem any time y take any agency or business and put someone totally unqualified at its head based entirely on political loyalty rather than competence and qualifications.
[ link to this | view in chronology ]
Now what happened about eight years ago what a disaster for FEMA.
A new president was elected, and a rotation of "leaders" were initiated.
The result was a large quantity of inexperienced friends, family members, neighbors and pets finding themselves with a nice income and a job they had no clue about how to perform.
The result was evident in New Orleans.
One could easily argue that FEMA wasn't the only organization suffering due to change in management.
Now this isn't specifically to provoke W fans. The rotation happens after all elections.
But rarely with as disastrous results as what we have been witness to for almost a decade.
[ link to this | view in chronology ]
Only generally?
But rarely with as disastrous results as what we have been witness to for almost a decade.
-- If this wasn't to provoke, the last sentence was entirely unnecessary.
[ link to this | view in chronology ]
Re: Only generally?
You can not prove there have been none.
I understand you are unhappy with the current leadership but it is irrelevant.
My statements supports my initial argument that FEMA is likely a good model.
And that is all the time I am going to spend on you.
[ link to this | view in chronology ]
What's wrong with NIST?
http://csrc.nist.gov/groups/SMA/fisma/index.html
Security is never absolute and with an organization as big as the federal government you'll always find laggards, but by and large I think NIST (Nat'l Institute of Science and Technology) has done a pretty good job moving toward the goals of FISMA (Federal Information Security Management Act).
Adding governance of private cybersecurity would be a curve ball. Perhaps whoever thinks this is a good idea sees the geopolitical effects of state-run chinese IT efforts and thinks we need to replicate these efforts. I have my doubts about such an approach. For instance, we have open records laws and I suspect many of us would like to keep them.
[ link to this | view in chronology ]
Plan for the Best, Prepare for the Worst
FEMA actually had a very good track record before the last administration and the handling of Katrina, such as dealing with the aftermath of Hurricanes Hugo and Andrew. When actual disaster management professionals are put in charge (as opposed to former commissioners of the International Arabian Horse Association), they can be quite effective.
FEMA is probably a good model for one part of the federal cybersecurity equation.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Cyber security czar
[ link to this | view in chronology ]