Nope, nope, nope, nope. You tickle the wrong sh*t and that's the end of things. You will hear it from agency leads as well as mission folks. Imagine tickling a dam control system at BOR, and whoops, flood. VA hospital... the folks there need at least a ride-along. #BadIdeasOfBad
There's reasons that you have permissions being granted, and it's not to hide stuff, but there are systems at NIH & CDC (lab systems), LE systems at multiple agencies, CIP at Interior, medical at VA that require scheduling to not affect operations - this is just dumb on its face.
Imagine knocking out the system printing social security checks or medicare claims, that'll raise some fun... or the US Mint and BEP? Those systems are protected, and separated, but unannounced system probes and such will do more harm than good. Trust me. BTDT
Some stuff is mainframes whose backup plan is literally to head to eBay for replacements... I've been briefed on that DR/COOP plan... unsustainable... and also something you should better press Congress about fixing.
This, the threat hunting, while it's part of the zeitgeist now because of SolarWinds and other events, needs to be better informed by folks who know the system that is Federal infrastructure and practitioners who do the work - otherwise, you pit folks against one another again
BTW, a little primer that got buried in a recent thread - but is applicable for the "Why didn't the US Government do better for the #SolarWInds since we threw so much money and resources at it..." - the simple answer is, "we didn't, actually" and here's a little why. #thread
I officially became a Fed in 2010, but was a contractor in 2006/2007 and an FFRC staff 2009/2010, so I go back a ways... but the Federal budgeting process has changed a little in that time... thank you deficit spending.
Our housing bubble famously exploded in 2008, so THAT was fun. But it caused some scramble on how the Federal government went about funding stuff. Mainly, as tax dollars dried up a little and folks supposedly got serious about balanced budgets, agencies were forced to...
You know, reading this NYT, I have a theory... & oddly it’s maybe traced back to the #CDM program. This was the first government-wide effort to enumerate agency infrastructure, down to core components & architecture. Which could explain why #SolarWinds was an effective vector 1/
So they say they got into Treasury D.O. accounts (Departmental Offices). But thinking, if this went back always for 2019 and prior, I think about how casually docs for CDM were shared between the agency leads and the contractors doing CDM. nytimes.com/2020/12/21/us/… 2/
To that end, if you got a dump of those, either from DHS, an agency, or contractor (which were also limited in number), you literally have a map with road signs as to what was installed where, who managed it, and what was enabled. This is easy targeting info. 3/
so everybody seems to have harped on the FB/Twitter/Insta post about the pizza food truck owner and his @Grubhub bill and subsequent minuscule take-home. However, there's a little more to unpack, and while I'm not defending either, always look at your data and ask questions. 1/
He had 46 orders for a total of $1042.63 - $22.66/order avg. - which, if a regular pizza joint in a highly populated area, is sort of average for a 16" pizza. - if a food truck "long" pizza, that's like two takeaway orders. And note, he said "food truck", so this isn't B&M 2/
The agreed upon Grubhub commission/fee is about 20% (19.8%), which is their cost for advertising, usually hosting an ordering site, and so forth. Having done e-commerce many times before, the split of 10% for ops and 10% for marketing seems in line - and this may be on top 3/
it still hurts when I sit in a conference talk where government "cyber workforce" discussions occur, and they still beat the same drum that hasn't worked for years, and realize that none of them come to things like BSides, Defcon, Shmoo, and others to have a realistic discussion
they merely talk about frameworks and policies, but nothing actually actionable or results... granted, having also sat in on agency discussions where there was a lot of, what could be best described as "whining", but no after action to address those concerns...
as I said MANY times, that if you have a shortage or want to focus on development and recruitment, you need to meet where the talent goes to learn, rather than hope and pray that a fishing expedition via job postings attract who and what you think you need...
It still boggles my mind that we will have people flock to conferences about the latest and greatest thing, and then come back to their org wanting to do that latest and greatest, but not be willing to invest in the basic work required to shore up and mature the org to fix stuff.
"I want to do $buzzword_tech" while not even taking a moment to possibly get all their systems to a maintainable standard, reliable inventory and maintenance cycle, and repeatable and reliable processes. Again, like building the Burj Khalifa on quicksand. gizmodo.com/without-trucks…
...you're doubling down on resources, and creating exponentially larger piles of tech and process debt that, given the tenure of most tech execs, will not be their problem, as they will be gone by the time the shit tankers run out of places to dump... fix this, then modernize
I figured it was worth a little explainer for the Anti-Deficiency Act and relation to IT operations and shutdown activities. I write as somebody who's been through a few in various roles... (1/12)
To clarify on the “it’s a static site, why can’t they…” comments. Each agency affected typically has a mix of appropriated funding: “no-year” & annual, each with time limits of when and what it can be spent on as well are... (2/12)
...“fee-based” for certain programs. During shutdown activities aligned with a “lapse in appropriation,” agencies and their components will utilize remaining funding to wind down operations to a minimum (hence the “Not Open” signage)... (3/12)