Why Government Systems Fail at Security presented at BlackHatWindows 2001

by Chey Cobb

Summary: The Cold War is over and government agencies and offices are told that everyone is an ally, partner, friend. Everyone and everything is connected. We're told everything is "safe", including COTS. Collaboration is the new buzzword.
The result? The agencies are at odds with one another as they try to adjust to this strange new world. They can no more agree on WHAT needs protecting than they can on HOW to protect it.
Official inter-agency security policies exist for protecting sensitive systems, but compliance is hit-or-miss at best. Factor in the politics, egos, personal agendas, skimpy budgets, and laissez-faire attitudes, and you'll see why these systems aren't nearly as safe as we are led to believe. This talk documents these problems with case histories and focuses on the most promising paths to solving them.
Chey is a 15-year veteran of computer security. She is a former Senior Technical Security Advisor for Program Offices and Directorates of the NRO (National Reconnaissance Office). Her recent accomplishments include serving as a key member in the development of NRO's Malicious Code Protection Plan, recently being in charge of information security at a large overseas facility, and being instrumental in developing security policies, emergency response plans, and training programs for specific programs.
Their Presentation! (PowerPoint 122k)