• United States



Federal Bureau of Insecurity?

Jun 13, 20072 mins
Data and Information SecurityIT Leadership

In a press release earlier today the FBI is patting itself on the back regard the apprehension of 3 bot herders.

Yup, that’s right an entire press release devoted to that. I’m not sure if I should be happy that the FBI is now realizing that botnets are a threat, or saddened that it took this long for them to get onboard. Those of you in the corporate world may not know of REN-ISAC or the work that they do, but in my opinion this organization does more damage to botnets in a week than the FBI does in a year. Granted, I don’t know what super secret files the FBI is keeping on these bot herders, but perhaps that is part of the problem. Botnets and cybersecurity as a whole is a larger problem than the FBI can handle. For that matter, it’s larger than any single organization. Significant improvements in cybersecurity can’t be realized until we have more organizations, like REN-ISAC that cross organizational, state, and international boundaries and work together.

I just read a blog post by Jeff Jones at that details the days of risk associated with a vulnerability and is categorized by software vendor. I have a problem with the huge differences in time – to – patch. Obviously some of these vendors (Microsoft & Apple) have developed some best practices in the area. Why can’t the other’s follow suit? In an organization that is home to a myriad of hardware and software platforms, the lack of routine patch schedules is a huge problem for me. Like the FBI and Sun Micro., we can continue to bury our heads in the sand and ignore cybersecurity, or we can build on the work of others like REN-ISAC, Microsoft, and Apple and try to DO something to make the web a better place.

…don’t you just feel all warm inside now…

Chad McDonald, CISSP, CISA, C|EH, PMP is a Senior Professional Services Consultant with Imperva. Chad has worked previously at National Student Clearinghouse, Centers for Disease Control and Prevention, Georgia Department of Audits and Accounts and is the former Chief Information Security Officer at Georgia College & State University. Chad has addressed numerous groups on topics such as business continuity planning, incident response, and information security awareness. Chad has spent the bulk of his career building, managing, and assessing information security for educational and research organizations. Chad has earned multiple professional security certifications. He is a member of the Information Systems Audit and Control Association as well as InfraGard, an FBI Task Force charged with protecting the nation's information infrastructure. Chad is active in the security community He worked with law enforcement agencies to assist in the prosecution of the first computer crime on record in Georgia and continues to assist local and state authorities with computer based investigations. Chad has investigated computer and computer-related crimes for local and state law enforcement agencies. Chad is an avid Mac user, since he was rescued from the dark side eight years ago. He currently conducts the vast majority of his work using a MacBook Pro and a MacBook. Chad looks forward to the day that he can stop referring to himself in the third person and actually pay someone to write his bio for him. The opinions and statements expressed here are those of Chad McDonald and in no way reflect opinions or statements of any employer or organization with which Chad is affiliated.