Tuesday, October 23, 2007

Incident response: Don't lie

Network World's Security Strategies Newsletter, 10/23/07

By M. E. Kabay

A couple of recent news stories got me thinking about the confluence of practicality and morality that should inform effective computer incident response.

The first case may seem silly: Richard Marson, the editor of a popular children’s show called “Blue Peter” on the British Broadcasting television network, was suspended in September 2007 “after it emerged that the wrong name had been chosen for the new Blue Peter cat in an online poll.” Apparently the children wanted “Cookie,” but upper management allegedly ordered the staff to choose “Socks” - and Marson is taking the consequences.

The second news report is much more serious and will touch many readers deeply. In brief, there is overwhelming evidence that U.S. Army doctors have been deliberately lying about the medical condition of veterans returning from the U.S. invasion of Iraq. In many documented cases, the doctors have unjustifiably labeled wounded veterans as suffering from pre-existing personality disorders.

The wounded veterans are therefore denied their well-deserved medical benefits because they are discharged under Regulation 635-200, Chapter 5-13. The benefits withheld are estimated in the tens of billions of dollars and many of the veterans and their families are suffering severe financial woes.

Worse, new investigations reveal that assurances of independent review of the situation made by Maj. Gen. Gale Pollock, acting surgeon general of the Army, are outright lies. Pollock claimed that she had ordered a “comprehensive review… conducted by a panel of health experts” but a single reviewer, Col. Steven Knorr, was the only author of the first report. Knorr was in fact one of the psychiatrists allegedly mislabeling many of the wounded veterans as suffering from the pre-existing personality disorders being contested.

As a result of the scandal, Rep. Bob Filner (D-Calif.), chair of the House Committee on Veterans’ Affairs, scheduled public hearings on the matter in July. The investigations continue.

In both of these cases, the dishonesty of managers has resulted in embarrassment and additional expenses for their organizations. Employees have been scrambling to gather information more quickly than they would have under normal circumstances; public relations staff are undoubtedly working overtime - and perhaps making yet more mistakes because of the pressures to recover credibility. Supervisory bodies have been dragged into investigations. I’m sure that morale among employees is damaged.

Ironically, both organizations are governmental or quasi-governmental: They’re supposed to be working for their people – so what are managers doing lying to the public?

Dishonesty is demoralizing to everyone - managers and employees alike; lying destroys the web of trust that encourages honesty and forthrightness in all aspects of our work. Dishonesty breeds more dishonesty; I would expect an increase in petty theft, inaccurate and misleading reports designed to please upper management, and absenteeism. In addition, lying opens the organization to blackmail.

In contrast with the duplicity shown in these cases, there is a famous case of openness and honesty during incident response. “In February 1998, Vladimir Levin was convicted to three years in prison by a court in New York City. Levin masterminded a major conspiracy in 1994 in which the gang illegally transferred $12M in assets from Citibank to a number of international bank accounts. The crime was spotted after the first $400,000 were stolen in July 1994 and Citibank cooperated with the FBI and Interpol to track down the criminals. Levin was also ordered to pay back $240,000, the amount he actually managed to withdraw before he was arrested.”

Citibank openly discussed the hacker attack and nominated Steve Katz as the financial industry’s first chief information security officer. I recall thinking at the time of the breach that Citibank’s surprisingly low loss of customer confidence was due to its forthright and honest policy of telling the truth about the incident and its response.

So let’s do what our moms always told us when we were kids: don’t lie!

* * *

Readers interested in veterans’ affairs may want to read the report of the “Task Force on Returning Global War on Terror Heroes” presented to President Bush in April 2007. I hope that many people will express genuine, operational support for our veterans by communicating with their members of Congress and senators ensuring that the Task Force recommendations are carried out.

Contact the author:

M. E. Kabay, PhD, CISSP-ISSMP is Program Director of the Master of Science in Information Assurance and CTO of the School of Graduate Studies at Norwich University in Northfield, Vt. Mich can be reached by e-mail and his Web site.
