Tuesday, March 4, 2008

Update on DHS Fencing Project from DHS

Well ladies and gents, it appears the Department of Homeland Security got a bit upset at the Wall Street Journal for its article I mentioned earlier. This is the DHS's reply:

The Wall Street Journal Inaccurately Asserts That First 28 Miles of the Virtual Fence Will Be the Last: "But the problems that have plagued the high-tech barrier mean that the fence's first 28 miles will also likely be its last. The Department of Homeland Security now says it doesn't plan to replicate the Boeing Co. initiative anywhere else." ("US Curbs Big Plans for Border Tech Fence," The Wall Street Journal, February 23, 2008)

But, P28 was a proof of concept and a building block. It was never intended to be replicated across the entire border: “Let me remind everybody, of course, the border is not just a uniform place. It is a very complicated mix of different kinds of environments -- ranging from urban areas, where the distance between the border and a major transportation hub is measured in maybe less than a mile, to very remote and desolate rural areas or wilderness areas, where there's really, frankly, quite a bit more distance to be covered and therefore a lot more flexibility in how and when you interdict those crossing the border. That's why SBI Net, as a critical element, has been designed to be a flexible tool. It is not a cookie cutter approach. What applies in one stretch of the border is not going to be what applies in another stretch. What will be common, however, is that all of the stretches and all of the tools will be integrated and bound together.” (Transcript of Press Briefing by Secretary Chertoff on the Awarding of the SBInet Contract, 9/21/06)

It's an out-of-the box concept: "I would say it is a partial model for the future. I think that it was a concept. We wanted to make sure that, A, there's the basic concept functionality work and, B, the thought was to give the contractor an opportunity to present something that essentially thought out of the box, that wasn't just a follow-on to the traditional way of doing business." (Senate Homeland Security and Governmental Affairs Committee Hearing on the Fiscal 2009 Budget for the Department of Homeland Security, 2/14/08)

And, we'll use more technologies at the border: "…by the end of this calendar year, we will be a 670 miles of barriers. Plus, we will have deployed 40 what we call mobile surveillance systems. That is ground-based radar. We will have our P-28 system, and begin to employ other camera-based and sensor-based systems…we will have substantially put either real or virtual fencing or barriers across the entire border." (Secretary Chertoff at a House Homeland Security Committee hearing on the Fiscal 2009 Budget for the Department of Homeland Security, 2/13/08)

The Wall Street Journal Claims That DHS Will Be Mothballing the Concept Behind the Virtual Fence: "The effective mothballing of the concept is a setback for the government's border-protection efforts, an embarrassment for politicians backing the idea of an electronic fence and a blow to Boeing, the project's designer." ("US Curbs Big Plans for Border Tech Fence," The Wall Street Journal, February 23, 2008)

But, that's wrong: Technology used for P28 will continue to be deployed along the border. In fact, the FY09 budget requests $775 million for SBI to continue the development and deployment of technology and tactical infrastructure on the border.

The Wall Street Journal Erroneously Reports That DHS Issued Boeing a New Contract to Fix the P28 Common Operating System: "In early December, the government said it was closing in on taking delivery. But that same month, the government gave Boeing another $64 million contract to fix the "common operating picture," which lets agents in vehicles see imagery from the towers' surveillance systems." ("US Curbs Big Plans for Border Tech Fence," The Wall Street Journal, February 23, 2008)

But, this contract was to develop the new Common Operational Picture and to enhance systems capabilities for future deployments as initially planned. ("DHS Moves Forward on Border Fencing and Technology Improvements", December 7, 2007)


All I have to say is, "Wow!" I understand this was supposed to be just a "proof-of-concept" to see if this would work across the board. And I don't think this was supposed to be our only line of "defense". But I do think DHS has to step up the deployment a notch. If it's working like Secretary Chertoff says, then let's get this thing rolling.

According to most immigration watchdogs and other concerned parties, every day wasted testing or delaying is another day wasted keeping bad guys out. If I live in a really bad neighborhood and all I have is a big mean guard dog and a pistol to protect my home, this may work to some extent. It does not keep intruders from gaining entry in the first place, and it may not achieve the results I had intended, as well as opening me up to substantial liabilities.

As I welcome the idea of a "virtual fence", I believe we have to have other means to secure our borders. In addition to new technologies, we need new tactics and methodologies when dealing with our current immigration debacle. That's the end of me being political, but I hope you get the picture.

Saturday, March 1, 2008

Google Hacking Tool

Now, I'm all for Google. I mean, they've given me a blog and all sorts of other cool things like unlimited mail and an awesome task/reminder service. But there are moments when their technology, well, sort of scares the heck out of me. My membership with ASIS has proven invaluable once again. An article written in Security Management talks about another tool hackers have come up with to make finding vulnerabilities that much easier.

According to SM, "The new web auditing tool is known as Goolag Scanner, which uses Google's search engine to scour the Web for passwords and security holes."

The tool comes from a hacking group calling itself Cult of the Dead Cow (cDc). This is the same group who created a little program called "Back Orifice". Sounds a tad bit perverted, but I can assure you the IT departments and users this little piece of software caused grief for didn't think it was a laughing matter. "Back Orifice" created a "back door" for hackers to remotely control any computer they gained access to.

Scared yet? Well, don't go calling IT in a panic yet. It turns out that this tool just uses Google to sniff out information you and I could find ourselves through Google. It would just take us a lot longer. Why is this something not to worry about? Because this program can tell you what hackers may already know about your setup that you don't. What is that exactly? How secure is your website?

According to cDc, they realize this threat and it's the reason they created it. "It's no big secret that the Web is the platform," said cDc spokesmodel Oxblood Ruffin. "And this platform pretty much sucks from a security perspective. Goolag Scanner provides one more tool for web site owners to patch up their online properties. We've seen some pretty scary holes through random tests with the scanner in North America, Europe, and the Middle East. If I were a government, a large corporation, or anyone with a large web site, I'd be downloading this beast and aiming it at my site yesterday. The vulnerabilities are that serious."

It turns out DHS was made aware of the vulnerability a few weeks ago according to Ruffin. Security experts are now taking a look at the software to ascertain where they're vulnerable.

For now, let's make sure you're doing the same. Check out the article here. InformationWeek's article can also be found here.

Friends, Neighbors, and Professionals

I'd like to introduce two awesome professionals that I've gotten to meet either in person or online. The first person is a guy I met at what used to be called the Tactical Entry and Explosive School in Memphis, Tennessee (now called Olive Security). His name is Lance Harris, and he is one of a few people I've met who I can say is a true executive protection professional. I've known Lance for over 5 years and I know he's always looking for training and special duties to enhance his professional pedigree (not that he needs it). I'm sure if you asked him he might tell you some ridiculous story about me and some rental car almost careening off a highway exit ramp. He's also one of a few that I can say is "100% bona fide been-there-done-that". He currently operates Spartan Consulting, which is a target hardening, executive protection firm. Lance can be found at either http://www.tacticalforums.com or at http://www.spartanconsultinggroup.com/.

The last guy I'm going to mention is Bryan Cox. Like Lance, I know Bryan through TF. He, like Lance, is "good-to-go" in my book. He's one of the moderators there and manages to keep the "riff-raff" down. He has a blog as well at http://desotosecurity.blogspot.com/. He operates a security consulting firm called Cox Protective Services. Please check him out here.

This is not a complete list of guys who are "good-to-go". These are two who have consistently given me feedback and advice in my journey through the field of security. Should you ever need advice or a good idea or two, I recommend these two (and others).
