Sunday, November 18

Gas is stupid expensive, and Security 2.0

Yeah, I get it. If oil prices go up for this reason or that reason, gas prices are soon to follow. But costing me 60.00 to fill up the tank?

Come on. Is that truly necessary? There is nothing that can be done
about that at all?

On another note--

I've thinking about writing a blog entry about the state of modern security in computer networks. Does it work? Where are we at?  Are all the extremely restrictive policies in your corporate work environment working?  What can be relaxed?  Why?

Like to hear your thoughts. What does "security 2.0" mean to you?  


MSW said...

People complain too much about gas prices. When it reaches $8 a gallon, then I will start to worry. Right now, it's ok, and people need to cut down on their driving and also get rid of their gas guzzling cars.


Joel Esler said...

I can agree.

It's over 3.00 a gallon where I live, and I remember the days when it was .69 a gallon.

I have two cars, both are rather fuel efficient (even though one is an SUV), but I still believe gas prices are too high.

Jason said...

When you look at the total impact of gas (war, pollution, etc), even $5/gal is too low.

The rest of the world is following the USA's lead in using cars to go everywhere. Wait until everyone in China and India are driving. You'll wish for $8 gas...

You did say that you think they're too high, though. What do you suggest to lower them?

Joel Esler said...

That's the million dollar question. What would you do if you could.

You say the rest of the world is following the USA's lead. I agree. We all do our part to try and cut back on the use of gas, drive less, work from home if you can.

Tom said...

What would I do? Quit chasing ethanol (all it is going to do is drive up food prices) and create incentives to develop better battery technology so we can use sun and wind power to generate electricity. Then electric cars will mean something.

Security 2.0? Let security people implement policy instead of people whose eyes roll when you talk about mitigating a risk and think that they should implement every security control possible "because it's there". Availability is part of C-I-A, after all...

Best regards,

P.S. -- I still remember 30 cent gas -- and I read about a price war back in the early 70s where one station in Missouri was selling gas for 12 cents a gallon. That won't even pay the taxes now (and for the rest of the world, taxes account for over half of the high cost of gas in Europe! Don't give the US government any ideas, OK?)

Joel Esler said...

The taxes aren't that much different here! Taxes comprise almost half of the price of gas.

Anonymous said...

I am an IT Director with a background with IT security.

It seems everyone keeps chasing their tails when it comes to keeping networks and computers safe, why don't we just open everything up wide open so it will be a less interesting target. LOL

All kidding aside, it's an ongoing battle just like spam. IT and security are always going to have a job because of this.


Joel Esler said...

You have an interesting idea. Kind of the reverse psychology way of doing it. Let everyone do what they want. Maybe it'll avoid risk ;)

Anonymous said...

I would say that, having worked in DoD for the last 10+ years, many times sites/services are blocked for bandwidth conservation or to prevent timewasting by unit members. These include sites such as Pandora, MySpace, and Itunes. I'm not sure how effective some of these blocks are. For instance, Pandora is blocked but there are dozens of other sites that are easy to find and access.

MySpace and and their ilk were blocked I believe because people spent WAY too much time updating their blogs rather than working. (I overheard conversations regarding how people would spend 6+ hours a day updating their MySpace) Also, I believe information was put on these sites that shouldn't be on the web. But again, is that the best way to moderate this? Blocking the sites addresses the first concern, but not the second as again their are dozens of other social networking/blogging sites to use.

Your question about how effective all the regulations and policies are is another matter entirely. Like I said, I've worked in DoD for 10+ years, doing IA for most of that time. Have things gotten better over that time period? Yes and no. DoD is a LOT smarter about IA, but as we all know, it only takes one hole for the bad guys to get in while we have to defend every wall, door, window, nook and cranny. And DoD is not immune to similar demands that occur in the commercial world; namely that the General and/or his staff (CEO equivalents) want to do X and that want to do it now and this app is mission critical and IA doesn't have the power, and isn't included in the planning... you know the story and how hard it is to secure all that. Add to that how fast technology is moving and how hard it is to be REALLY sure that the neat new app you just installed doesn't have a security hole that allows remote access to your domain. And then there are home grown apps and did your developers (contractors or government) really follow best practices (or did they even know about them)? And finally, how can you stop users? Even smart users (see the recent break-ins at the labs in Tennessee and Los Alamos which I believe were attained through spear phishing)?

Like I said, it only takes one hole. DoD is a lot smarter, but then so are the bad guys and at the moment, they outnumber us. I don't believe they are smarter than us, but we have limitations they don't.

So, the final question is: Is it harder for the bad guys to get into DoD networks with all the current regulations as compared to 5 or 10 years ago? I think so, but without an objective external verification, it's hard to say for sure.