No-Brainer: Hacker on DHS Council
Hacking is in, at least as a way to test the vulnerabilities of government IT systems. The government is looking to employ red-team assaults in which a team of hackers attacks civilian-agency systems to identify vulnerabilities (see Hacking to Secure Government IT Security). Red-team assaults have been used to test Defense and intelligence systems for years. But dissatisfaction with the effectiveness of the Federal Information Security Management Act (FISMA) in truly determining IT systems' safety has officials looking for new ways to safeguard government IT. And red teams are among the hottest methods mentioned.
"I put far greater emphasis on (red-team) reports than I would reports that would be done, for example, based on analytical bases of analysis ... based on certification and accreditation documents," says former Air Force CIO John Gilligan, in an interview with GovInfoSecurity.com. "And the point being is that the systems and networks that we have are so complex that it is almost impossible, on an analytical basis, to be able to assess the security. You really need to do hands-on."
Check out The Good Hacker, my interview with Tony Sager, the National Security Agency official who heads a group of red teams.
Consisting of experts from state, local and tribal governments, emergency and first responder communities, academia and the private sector, the Homeland Security Advisory Council provides recommendations and advice directly to the DHS secretary. Moss is one of 16 members of the council, which includes former Sen. Gary Hart and former FBI Director Louis Freeh and is chaired by former CIA and FBI Director Bill Webster.