Archive for August 2009

Chemical Plants Safety: Private or Government Mandate?

We have all heard politicians and security pundits say that a terrorist attack on a chemical plant could cost us hundreds or thousands of deaths and even more injuries.

Why is it that the chemical plant owners/operators and the government officials and politicians are at odds with each other over regulation?

Is it that the chemical plant owners just don’t want to incur the expense of the government mandates? Do the politicians think the plant owners are incompetent? Are plant owners deliberately putting people at risk, including their own workers? Do the politicians think they must do something to prove their value? Is there just a general movement that more government is just better? Do those who set the laws increase their power and staying potential?

The answers to these go to the core of our political divide in America — anywhere for that matter. There are people who think that government is the only answer to these big problems, and that if the government were involved and could set strong processes, procedures and safeguards, we would all be better off. Others will say that the free market system will work. I am more aligned with the latter.

There are already existing plant regulations, inspections, etc. There is no proof that more regulations will make us any safer. That the cost to do so is justified, taxpayer be damned.

The owners are very much aware of the risks associated with their plants. Good owners are going to take prudent actions to protect their assets, employees, and community, based on their risk assessment.

There is good evidence that says whenever the government gets involved in excessive regulation and procedures, they add unnecessary costs with no proof of improved safety, greater efficiency or better quality. Quite the opposite. I’ll bet on the private sector every time.

Epic Cyber Swindle - Albert Gonzalez

Many people in the infosec space have a secret admiration of hackers. They appreciate their technical skills — their abilities to circumvent the defenses of networks and computer systems. But when hacking turns to the criminal type, admiration should go out the window.

When a cyber crime makes the cover of the WSJ, that is telling of its role in business and the national and international economies. From the Wall Street Journal on Tuesday, 18 August 2009:

A 28-year-old American, believed by prosecutors to be one of the nation’s cybercrime kingpins, was indicted Monday along with two Russian accomplices on charges that they carried out the largest hacking and identity-theft caper in U.S. history.

Federal prosecutors alleged the three masterminded a global scheme to steal data from more than 130 million credit and debit cards by hacking into the computer systems of five major companies, including Hannaford Supermarkets, 7-Eleven and Heartland Payment Systems, a credit-card processing company.

[Photo of Albert Gonzalez released to Wired.com by the Secret Service]

The indictment in federal district court in New Jersey marks the latest and largest in at least five years of crime that has brought its alleged orchestrator, Albert Gonzalez of Miami, in and out of federal grasp. Detained in 2003, Mr. Gonzalez was briefly an informant to the Secret Service before he allegedly returned to commit even bolder crimes.

Gonzalez has been in custody in New York for his role in a hack into Dave and Buster Inc.’s network as well as the well-publicized TJX credit card number theft.

There should be no admiration of cyber thieves — crackers as some call them. They increase the cost of everything we consume. Whether it is extra defensive measures, extensive audits, costly insurance policies, PR-related repercussions, not to mention the cost associated with identity theft, ill-paid-for merchandise, consumer credit problems, breach notifications, etc., the anti-social behavior impacts us all.

Gonzalez and his associates are thieves, pure and simple. They should get the same punishment as an armed bank robber. Their goals are the same: theft. Only the means differ.
