Get a handle on it
Update: GCN updated their story today – after I posted – to point out that while the investigation continues, the charges against Mr. Lynch were dropped. My comments on the basic security aspect of this piece stand.
Another perv in the ranks:
Charles Lynch, director of the Defense Information Systems Agency’s Internet Protocol version 6 transition program, was arrested March 8 and indicted in the U.S. District Court for the Eastern District of Virginia the next day on one count of possessing child pornography.
According to a statement by the DOD Inspector General’s Office, court documents allege that Lynch had been operating a peer-to-peer file-sharing program on a computer in his office at DISA. Agents confiscated several computers and more than 1,000 CDs from Lynch’s office. Agents found child pornography in computer file folders, the IG’s statement said.
I am reminded of the underground email/chat system run on secure CIA networks back in 2000. If I’m not mistaken it took down or seriously impacted people up into the SIS. Then again when you’re being led by John “Look what I’m doing on my home computer” Deutch, you can understand why such antics were thought to be OK.
I’ve been witness to or well informed of countless fiascos like this one (most aren’t as heinous but bad nonetheless). What amazes me is the sheer ignorance and complacency of those who have the responsibility to do something about it. INFOSEC policy only applies to people who can’t bully their IT people into allowing them to break the policy: they usually have eagles or stars on their shoulders, or flags behind their pictures.
You want to know one big reason why there isn’t more info sharing in the business? Because when it gets right down to it – at the transport layer anyway – you CAN’T trust anyone else. People want connectivity and a lot of it and damn the security of it all because it just slows things down. That’s great as long as you don’t mind that you’ve just let someone get inside your OODA loop. Wi-Fi enabled soldiers are no good if they are dead before they deploy.
For the government the information age is going to be awfully short if they don’t pull their heads out and don’t stop paying lip-service to INFOSEC. Look, I just spent a lot of time supporting the wisdom and wherewithal of Uncle Sam in this area. We can do it. We have done it. We need to bring ourselves back up to speed and keep doing it. In one fell swoop this guy demonstrated that one of the holiest sites (digitally speaking) in the DOD was defenseless. DOD/CERT, JTF-GNO . . . chopped off at the knees by one sick, twisted insider ****.
IC CISOs: time to dust off those UFRs and make an appointment to see The Man.