RE: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-19 Thread Naslund, Steve
according to this. I guess their "Stronger IT Leadership" is not strong enough. Steven Naslund Chicago IL -Original Message- From: Naslund, Steve Sent: Friday, June 19, 2015 12:30 PM To: Naslund, Steve; Jim Popovitch; nanog@nanog.org Subject: RE: OPM Data Breach - Whitehous

RE: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-19 Thread Naslund, Steve
Here is a great quote straight out of the OPM budget of 2013. - Human Resources Line of Business (HR LOB) The Human Resources Line of Business (HR LOB) leads the government-wide transformation of HR Information Technology by focusing

RE: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-19 Thread Naslund, Steve
Here is their 2013 budget https://www.opm.gov/about-us/budget-performance/budgets/2013-budget.pdf Glancing through it they had a 2.1B total appropriation with 90.5M dedicated to salaries and expenses where IT would fall. It appears that their CIO also has a multi-year fund around 70M separately

Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-19 Thread Jim Popovitch
On Fri, Jun 19, 2015 at 12:12 PM, Naslund, Steve wrote: > There is an O&M budget created for the day to day operation and maintenance > of IT systems. This is approved along with your department's budget > annually. If you classify updating equipment as an O&M function (which it > routinely i

RE: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-19 Thread Naslund, Steve
Wrong. I was a government (US Air Force) network engineer for over 10 years (not a contractor, a full time employee). There is an O&M budget created for the day to day operation and maintenance of IT systems. This is approved along with your department's budget annually. If you classify upda

Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-19 Thread William Herrin
On Fri, Jun 19, 2015 at 10:43 AM, Naslund, Steve wrote: > No I intentionally left those out. Here is why. If they would do small > incremental work, they don’t get into the areas of congressional approval > and GSA. You can just do the small incremental projects under your IT > operations budge

RE: Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-19 Thread Darden, Patrick
leap here. -- patrick darden -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jim Popovitch Sent: Friday, June 19, 2015 9:12 AM To: nanog@nanog.org Subject: [EXTERNAL]Re: OPM Data Breach - Whitehouse Petition - Help Wanted On Fri, Jun 19, 2015 at 9:55 AM

RE: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-19 Thread Naslund, Steve
No I intentionally left those out. Here is why. If they would do small incremental work, they don’t get into the areas of congressional approval and GSA. You can just do the small incremental projects under your IT operations budgeting. There is a big misconception that everything requires co

Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-19 Thread Jim Popovitch
On Fri, Jun 19, 2015 at 9:55 AM, Darden, Patrick wrote: > Good point. It's a massive job, and sometimes it is best to look at those > piecemeal. Start with small goals, and pick low hanging fruit--your example > of the server room is good. Set it up with an IDS, a firewall, harden the > hos

RE: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-19 Thread Darden, Patrick
nanog-boun...@nanog.org] On Behalf Of Naslund, Steve Sent: Friday, June 19, 2015 8:31 AM To: Stepan Kucherenko; nanog@nanog.org Subject: [EXTERNAL]RE: OPM Data Breach - Whitehouse Petition - Help Wanted I think one of their major issues is that they look at too much of the network at a time. If

RE: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-19 Thread Naslund, Steve
I think one of their major issues is that they look at too much of the network at a time. If they decided they were going to secure a particular data center or building, they might be much better off. If they start with defending the servers from internal as well as external threats and then m

Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-18 Thread Damian Menscher via NANOG
On Thu, Jun 18, 2015 at 7:50 PM, Stephen Satchell wrote: > On 06/18/2015 10:15 AM, Nick B wrote: > >> I wish I had some simple solution, but I don't, it's going to require >> years, probably decades, of hard work by a motivated and skilled team. >> Also, a stable of unicorns. >> > > Not to mentio

Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-18 Thread Stephen Satchell
On 06/18/2015 10:15 AM, Nick B wrote: I wish I had some simple solution, but I don't, it's going to require years, probably decades, of hard work by a motivated and skilled team. Also, a stable of unicorns. Not to mention an Act of Congress. Oh, wait...

Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-18 Thread Rich Kulawiec
On Thu, Jun 18, 2015 at 11:00:00AM -0400, shawn wilson wrote: > If the argument is that she should've shut down the network or parts of it > - I wonder if anyone of you who run Internet providers would even shut down > your email or web servers when, say, heartbleed came out - those services > aren

Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-18 Thread Stepan Kucherenko
18.06.2015 18:00, shawn wilson wrote: I'd actually be interested in a discussion of how much you can possibly > improve / degrade on a network that big from a management position. That's quite an interesting topic, isn't it ? Dilbert still has his job so it might as well be immutable. :-)

Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-18 Thread shawn wilson
On Thu, Jun 18, 2015 at 1:15 PM, Nick B wrote: > Having worked for several departments like this, I can assure you her > flustration was not about her "inability to hire competent people" or "the > lack of her superiors to prioritize the modernization project". Unless you > have worked for the F

Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-18 Thread mikea
On Thu, Jun 18, 2015 at 04:34:46PM +, Cryptographrix wrote: > Have to agree with Shawn on this. > If you watch her testimony in front of Congress, it is clear that she was > completely flustered at the inability to hire competent people, and the > lack of her superiors to prioritize the moderni

Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-18 Thread Scott Weeks
--- r...@tristatelogic.com wrote: From: "Ronald F. Guilmette" I _do_ understand the point you are making. But if you are charged with the safekeeping of untold millions of extraordinarily detailed personal data files, and if you don't have the resources to do your job properly, wouldn't the Rig

Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-18 Thread Joe Klein
Based on prior work in this space, the problems are as follows: 0. Political appointees don't stick around for long, therefore they can always point to the last guy as the problem. They are also gone, before impact of lack of security focus impact their jobs. 1. Executives and middle managers

Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-18 Thread Ronald F. Guilmette
In message Cryptographrix wrote: >If you watch her testimony in front of Congress,... I did, actually. And it pissed me off so much that I started the petition (to get her fired). I encourage everybody to watch the video of her congressional testimony on Tuesday. See how she tries to stonew

Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-18 Thread Scott Weeks
--- b...@herrin.us wrote: From: William Herrin The core problem here is that the Authority To Operate (ATO) process consumes essentially the entire activity of a USG computing project's security staff. The non-sensical compliance requirements, which if taken literally just about prevent you fro

RE: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-18 Thread Naslund, Steve
Absolutely Bill, That is always the case with the government (I have worked with them a lot). They build lots and lots of procedure and process and dumb standards (mandatory POSIX compliance?!?!?, that was a good one) when step one would have been to get current firewall technology in place,

Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-18 Thread William Herrin
On Wed, Jun 17, 2015 at 8:54 PM, Ronald F. Guilmette wrote: > I've just started a new Whitehouse Petition, asking > that the director of OPM, Ms. Archuleta, be fired for gross incompetence. Hi Ronald, The core problem here is that the Authority To Operate (ATO) process consumes essentially the en

Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-18 Thread Nick B
Having worked for several departments like this, I can assure you her flustration was not about her "inability to hire competent people" or "the lack of her superiors to prioritize the modernization project". Unless you have worked for the Federal Government it's almost impossible to understand t

Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-18 Thread Valdis . Kletnieks
On Thu, 18 Jun 2015 16:34:46 -, Cryptographrix said: > From the sound of it, she ran into the ceiling of available workers that > were willing to work for the pay grade that the government offers for those > positions, which is usually much less than private industry offers and - as > a conseq

Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-18 Thread William Herrin
On Wed, Jun 17, 2015 at 8:54 PM, Ronald F. Guilmette wrote: > My apologies in advance to any here who might feel that this is off > topic... I don't personally believe that it is. Frankly, I don't > know of that many mailing lists where the subscribers are likely to > care as much about network s

Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-18 Thread Cryptographrix
Have to agree with Shawn on this. If you watch her testimony in front of Congress, it is clear that she was completely flustered at the inability to hire competent people, and the lack of her superiors to prioritize the modernization project she had so passionately advocated for. When I've worked f

Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-18 Thread shawn wilson
On Jun 17, 2015 8:56 PM, "Ronald F. Guilmette" wrote: > > > *) The Director of the Office of Personnel Management, Ms. Katherine > Archuleta was warned, repeatedly, and over several years, by her > own department's Inspector General (IG) that many of OPM's systems > we

Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-17 Thread Ronald F. Guilmette
Harry Hoffman hhoffman at ip-solutions.net wrote: >I think it would be great if you were to include some source links in >your petition/email so that folks unaware of the specifics can educate >themselves in a non-partisan and factual manner. Well, as regards to the petition itself, I can't bec

Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-17 Thread Ronald F. Guilmette
In message Tyler Mills wrote: >This is the government... you have to put on your bizarro-economics and >bizarro-ethics glasses for the State to make sense. > >It does not operate like a market. Failure results in people being >shuffled around, and larger budgets. Failure justifies more control

Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-17 Thread Scott Weeks
--- r...@tristatelogic.com wrote: From: "Ronald F. Guilmette" *) The Director of the Office of Personnel Management, Ms. Katherine Archuleta was warned, repeatedly, and over several years, by her own department's Inspector General (IG) that many of OPM's systems were

Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-17 Thread Tyler Mills
This is the government... you have to put on your bizarro-economics and bizarro-ethics glasses for the State to make sense. It does not operate like a market. Failure results in people being shuffled around, and larger budgets. Failure justifies more control and power. People get taken down for

Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-17 Thread Harry Hoffman
I think it would be great if you were to include some source links in your petition/email so that folks unaware of the specifics can educate themselves in a non-partisan and factual manner. Just my $0.02. Cheers, Harry On 6/17/15 8:54 PM, Ronald F. Guilmette wrote: > My apologies in advance to