What is the U.S. doing about security?

What is the U.S. doing about security?

Summary: I've been terrible busy lately.  Hopefully you all here haven't noticed, as I've been working hard to still keep my posts flowing, but I've just got time to catch up with several blogs that I read often.

SHARE:

George Bush Confused

I've been terrible busy lately.  Hopefully you all here haven't noticed, as I've been working hard to still keep my posts flowing, but I've just got time to catch up with several blogs that I read often.  One of those blogs is the Emergent Chaos blog (shoutz to Adam Shostack).  On the blog recently, there was a great story from the Washington Times that Arthur commented on.

Apparently the State Department is going to be producing "passport cards" (see image below, courtesy of Emergent Chaos) for people traveling by car or boat to Canada, Mexico, and the Caribbean.  passport-card-frame.jpgThe story states:

About the size of a credit card, the electronic-passport card displays a photo of the user and a radio frequency identification (RFID) chip containing data about the user. The State Department announced recently that it will begin producing the cards next month and issue the first ones in July.

That's right RFID just like booklet style passports. Only it won't be encrypted and it won't be shielded. It will even be "vicinity" aka long range RFID, so the very intent is to read them from a distance. While the card isn't supposed to have any personal information on it, it will link back to a database that does contain personal information. I for one don't have a lot of confidence that that database can be kept properly secure.

Security specialists told The Washington Times that the electronic-passport card can be copied or altered easily by removing the photograph with solvent and replacing it with one from an unauthorized user.

...

Joel Lisker, a former FBI agent who spent 18 years countering credit-card fraud at MasterCard, said the new cards pose a serious threat to U.S. security. "There really is no security with these cards," he said.

Click more for my thoughts on all this non-sense.

You know, I feel like most anyone looks at this and just thinks, WTF?!  I mean, did they not get the memo from our good President Bush stating that we need to spend BILLIONS on security?  I wish he would've said GODZILLIONS, that would've made this story even more hilarious.  Check out this article on USA Today by Richard Wolf on the President's new stance on security (interesting sections cut out here):

A sudden spike in the number of successful attacks against federal government information systems and databases has led President Bush to propose a multi-billion dollar response.

The number of incidents reported to the Department of Homeland Security rose by 152% last year, to nearly 13,000, according to a new government report. The security breaches, more than 4,000 of which remain under investigation, ranged from the work of random hackers to organized crime and foreign governments, says Tim Bennett, president of the Cyber Security Industry Alliance.

I wonder if the DHS counted any of their own blunders, including the infamous release of the Idaho National Labs research on hacking SCADA devices... what a ridiculously bad idea that was.  Back to the article:

The increase and severity of data breaches prompted Bush to recommend a 10% increase in cybersecurity funding for the coming fiscal year, to $7.3 billion. That's a 73% increase since 2004.

Really, a 10% increase is it and we're at $7.3 billion?  What the hell did we do with the $6.6 billion from last year?  God, what did we do with the amount we've spent since 2004?

"The president's put a lot of emphasis on this recently," says Robert Jamison, undersecretary for national protection and programs at the Department of Homeland Security. "We're concerned that the threats are real and growing. … We're more vulnerable as a nation."

Whoa, whoa, did I read that right?  You're "concerned that the threats are real and growing..."?  Are you kidding me?  You're just concerned about it, you're not 100% positive about it?

Ok, so back to that $7.3 billion and those fancy new passport cards.  I could have told you for $5.00 and a case of beer that the passport cards with RFID are a ridiculous idea, especially when they link back to a database with sensitive info.  Someone in the .gov needs to talk to Adam Laurie about this stuff.  In fact, screw the $7.3 billion!  Give me $1 million and let me hire a panel of ten top industry people (I'm not going to name names)we'll tell you what to do.

Look, I applaud the president and our government for spending the money, but let's get someone in charge of this that's going to get something done.  I don't know who is appropriating the money, but $7.3 billion is a lot of money and you'd think you could do a lot more with it than we have.

You know, this article from USA Today goes on to talk about how we are addressing the threat from China.  Ok, that's well and good, but God, we can't even tackle passport cards properly.  You just lose a lot of faith in your government doing the right things to protect you.

-Nate

Topics: Government US, Government, Legal, Networking, Security, Wi-Fi

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

4 comments
Log in or register to join the discussion
  • Nate

    I enjoy your posts and the obvious expertise you bring to them. Even though these cards are a bad security idea, this is but a small piece of the border security pie. The total budgets you are referencing cover a lot more ground than this one piece. You ask where has this money gone or is going. Well, lets look at what it takes to improve security in government networks/systems. Harware upgrades or replacements (i.e. - 802.1x and IPv6 compatible devices), security training for IT personnel and end users, encryption technology, IDS, Firewalls, PKI, software upgrades to standardize baselines, etc. Now apply this accross the umbrella term of "Federal" and we are talking DHS, FEMA, DoD, VA, FBI, CIA, EPA, National Parks, .gov, to name a few. The expense grows rather quickly. This is not to say that some initiatives don't leave plenty of room for criticism, but if you're going to quote the entire budget in a manner suggestive of complet waste on the government's part, how about a look at some initiatives worthy of recommendation?
    Goudy
    • I think my point draw off of what you are saying

      The gov't is horribly complex and I think overly so. I just got a new drivers license, it took me two weeks of filling out paper work and going here, there, everywhere. The waste comes in with this.

      -Nate
      nmcfeters
  • RE: What is the U.S. doing about security?

    The Washington Times also wrote an exclusive series about the issues surrounding the Government Printing Office (GPO) and the production of e-Passports. These RFID enabled, booklet kind of passports have a computer chip and antenna embedded in the cover so that data can be read from a distance. The Washington Times lists issues with production, shipping, excess revenues and security. See the summary on the RFID Security blog at http://www.securerf.com/RFID-Security-blog/?p=50.
    Joanne at SecureRF
  • RE: What is the U.S. doing about security?

    Scholars, security professionals and journalists alike have published countless scathing criticisms of the way the Bush administration has conducted itself in the name of security:

    In the last five and a half years, with bipartisan support, Washington has invaded two countries and sent troops around the world from Somalia to the Philippines to fight Islamic militants. It has ramped up defense spending by $187 billion-more than the combined military budgets of China, Russia, India and Britain. It has created a Department of Homeland Security that now spends more than $40 billion a year. It has set up secret prisons in Europe and a legal black hole in Guantanamo, to hold, interrogate and-by some definitions- torture prisoners (Zakaria, 2007:24).

    The ???war on terrorism??? is a multi-billion dollar exercise to protect Americans from a danger that, excluding the September 11, 2001 attacks, killed less people per year over several decades than bee stings and lightening strikes. Even in 2001, America???s worst year of terrorist deaths, the casualties from terrorism were still vastly outnumbered by deaths from auto-related accidents, gun crimes, alcohol and tobacco-related illnesses, suicides, and a large number of diseases like influenza, cancer, and heart disease. Globally, terrorism, which kills a few thousand per year, pales into insignificance next to the 40,000 people who die every day from hunger, the half a million people who die every year from small wars, the 150,000 annual deaths from increased diseases caused by global warming, and the millions who die from aids (Jackson, 2005:157).
    John Maszka