Security cannot be improved by waving flags

Via Schneier comes a story about the US Navy and a disgruntled contractor who just pleaded guilty:

He confessed to programming malicious software codes into computers that track Navy submarines in May 2006 while in Naples. He told Navy investigators that he was upset that his company’s bid on a project was passed over. Sylvestre had fled Italy after he entered the codes.

The guilty party, one Richard Sylvestre, was a sys-admin at a US Navy system based in Naples, Italy, and he had a top-secret security clearance. So, without being too crass about it, the sales pitch about security as a property of who works on the software is once again shown to be simply ridiculous (see my old note on the subject). Security is a reliability issue that needs to be addressed in design and administration procedure. The network that was hacked was too trusting of its operators, and the people who were responsible for administering the sys-admins were not doing their jobs.
