Zachary Standridge
Findings
After reviewing this article and report, I have decided that the most important aspects which need to be addressed are the maintenance of the network/hardware and the lack of a proper leadership matrix. There are other aspects included within the official report which are a high priority as well, but with proper changes they would be immediately
still working within the network is an absolutely impossible legacy means of doing things if proper security is to be ensured for the country. This issue includes out-of-standard machines and software working within the network, a complete lack of security patches after being notified that they have been found lacking, the use of Microsoft server products whose security updates from the company have been discontinued, and last but definitely not least, a companywide dependency upon the Program Managers for checking on software licensing compliance every period, who may not complete the check within the time period due to a new agency policy of swapping personnel around from one
The second issue which was found to be very large and looming is a lack of sound and steady leadership/employee workplace standards. The current political climate has brought a constant swapping of leadership: the Head of DHS, John Kelly, was in office for 190 days, Mrs. Duke for 128 days, Mrs. Nielsen for a year and a half, with a new head being appointed on the 12th of this month. The Chief Information Officer of Homeland Security, Mr. Staropoli, resigned after just 3 months at the same time that Jeff Eisensmith, the chief technical officer, retired. This would not be an issue except that the department has a policy under which each leader is responsible for making sure that policies are followed; since they are not in office long enough for the calendar time span to come around, the clock is reset, leading to a shortcoming in upkeep of the security policies. Adding to the issue of a revolving-door leadership, some protocols from the former DHS CIO have created issues. Mr. Eisensmith installed a system called Information Security Continuous Monitoring (ISCM), which is a bottom-to-top informational flow system with approval for updates coming from the higher leadership. In discovery, it was found that the main Security Operations Center is currently being staffed by a contracted company which runs the center in the name of DHS, not by Homeland Security staff themselves. The contractors are responsible for all security decisions. In 2008, this contract was awarded
be lacking is that before he left, Staropoli made some department-wide decisions which have not been rolled back or changed, according to the information available at this time. He wanted to streamline the department-wide IT staff by moving them all onto one floor of one building, a “trader floor” mentality. This short staffing, combined with abrupt additions to each person’s workload while they are still being trained on the new responsibilities, creates a gap that could allow security holes which would otherwise be caught by a trained employee. On top of making some serious organizational errors, Staropoli also created his own potential flaws within the department by not taking the time to properly vet applications for the sake of getting them sent out to employees for cloud safety, on the belief that it was a waste of time to ensure their safety.
things that the attacker would do. If I were the attacker and found an out-of-standard server, I would try to gain access to a UCCP account. Most of the time these accounts are generalized for access across different regions. If I could get the password, I would then create my own account with system admin rights, edit the password file so that no one else could use it, go on LinkedIn and find someone that works for DHS in the IT department, and name it after them using the naming scheme so that just by looking through the user accounts it would blend in, then start monitoring traffic and selling it to the highest bidder. Having access to the department network with admin rights could be useful for sending out my own data to the clients. I would send out falsified credential emails with information that could lead to an actual physical-world penetration with the attacker being welcomed in by security; from within the network I could also use the exploited server as a home base to launch attacks on other servers. Since there are documented unpatched servers and, more importantly, servers which are not being serviced by Microsoft anymore, this would/should bring in more attacks. “IF” I were to take one over, the very first thing after creating my own account, deleting the logs, and covering my tracks would be to fix the hole that I came in through in the first place, if possible. Having someone else in the system making noise, since this is such an important department, could lead to my own exploits being seen.
Having a rotating door when it comes to executive leadership, together with an exploited server with access to personnel files, could be used to create a physical security breach. Everyone is constantly seeing new management coming and going, so seeing a new face would not be out of the ordinary. In politics, being associated with cybersecurity is the new hot addition to the resume while not actually bringing anything to the table. This has its own problems, because these people make the decisions which are going to lead to problems such as Staropoli rushing new cloud-based applications before proper testing for security. Having a commercial entity contracted to run the hub of our nation’s cybersecurity operations center can lead to problems. When a company accepts a contract, they are allowed to make changes to procedures, have access to past data, and have control over database policies. Verizon has been shown not to update their hardware as expected. This was shown to be not just what could happen but what will happen, since in 2019 they did not update a FIOS server controlling login credentials. When servers such as these lose integrity, they can open up a wide variety of issues. When within a company’s firewall,
Recommendations
When dealing with governmental agencies, redundancy should be the word which
everyone knows and subscribes to. My proposal for fixing all of the non-leadership issues
monitoring the policies which should be enforced but aren’t. The ISOO is already responsible for the government classification system. The report noted many times that there are many security holes from systems not being kept within standards due to a wide range of reasons. Having the ISOO monitor the departments which work within CONUS would allow for a check on the employees who may or may not even be there in the future due to more cutbacks. Since contractors are an accepted method of staffing the control center, I propose a yearly red team audit of cybersecurity within the DHS. This would bring in new ideas and methodologies for future security policies to be molded after. While having contractors working in a site is not necessarily a bad business process, it can and has led to some rather unpleasant outcomes. My proposal for this issue is that instead of using civilians, the already vetted and ambitious members of the military be used as support staff. There is a huge surplus of underworked IT staff from each branch of the military that can take up the slack in the control center under DHS civilian management. This wouldn’t be a joint venture but would act as a training easement from the military life into a