Broad-based US federal IT security failure

U.S. DoD seems to have noticed a problem:
The lead story contains an important notification by Major General Lord of broad-based US federal IT security failure. As senior officials discover how bad federal security really is, they have begun looking for solutions (some are also looking for scapegoats). The first and most important change they will make is to begin cutting budgets for policy and report writers, and transfer budget and responsibility to operational technical security projects and professionals who can actually protect their systems. The transformation has already begun. If you have soft skills (policy writing, security awareness, risk assessment, C&A report writing, etc.) and want to have great, long-term job prospects in security, it makes sense to move quickly to add hands-on technical skills so you can lead the teams of people who will be needed to turn the tide against the attackers.

–Alan Paller, SANS NewsBites Vol. 8 Num. 65

I hope some of the new DoD employees and contractors also look up from traditional security to risk management.

And it’s too bad somebody didn’t already notice the failure of traditional IT security before.

Anyway, here’s the article in which General Lord reveals that the Chinese have lifted quite a bit of data from NIPRNet, which is the primary U.S. DoD logistics network.

-jsq