The Public Eye with Eric Chabrow

No-Brainer: Hacker on DHS Council


The fact that the founder of two hacker conferences finds himself on the federal Homeland Security Advisory Council has created a bit of a stir, but shouldn't. Not having the likes of Jeff Moss, founder of the hacker and security conferences Black Hat and Defcon, on the council would be more noteworthy.

Hacking is in, at least as a way to test the vulnerabilities of government IT systems. The government is looking to employ red-team assaults in which a team of hackers attacks civilian-agency systems to identify vulnerabilities (see Hacking to Secure Government IT Security). Red-team assaults have been used to test Defense and intelligence systems for years. But dissatisfaction with the effectiveness of the Federal Information Security Management Act (FISMA) in truly determining IT systems' safety has officials looking for new ways to safeguard government IT. And red teams are among the hottest methods mentioned.

"I put far greater emphasis on (red-team) reports than I would reports that would be done, for example, based on analytical bases of analysis ... based on certification and accreditation documents," says former Air Force CIO John Gilligan, in an interview with GovInfoSecurity.com. "And the point being is that the systems and networks that we have are so complex that it is almost impossible, on an analytical basis, to be able to assess the security. You really need to do hands-on."

Check out The Good Hacker, my interview with Tony Sager, the National Security Agency official who heads a group of red teams.

Consisting of experts from state, local and tribal governments, emergency and first responder communities, academia and the private sector, the Homeland Security Advisory Council provides recommendations and advice directly to the DHS secretary. Moss is one of 16 members of the council, which includes former Sen. Gary Hart and former FBI Director Louis Freeh, and is chaired by former CIA and FBI Director Bill Webster.



About the Author

Eric Chabrow


Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



