Comments
NSA's Rogers: No White House Request for Action Against Russian Hacking
Newest First  |  Oldest First  |  Threaded View
jbconner
50%
50%
jbconner,
User Rank: Apprentice
2/28/2018 | 1:01:38 PM
SO he's admitting that he is not doing his job?
"his agency has not been asked to do anything about Russian hackers targeting the US election system. Rogers told the committee that he doesn't "have the day-to-day authority" to authorize activity to counter the attacks"

"He also confirmed that he has shared with individuals in the Trump administration his opinion on the attacks and what might be done to stop them."

"But Rogers said he has neither asked for, nor volunteered, a formal plan in writing."

Isn't it his job to develop a formal plan of exactly what his agency would do to combat this threat and then formally submit that in writing to the White House for approval? Does he sit around always waiting for someone to request that he do his job, and doesn't do anything until then? Shouldn't the heads of all the intelligence agencies be constantly developing plans to deal with not only this threat, but all other threats to national security? And if they don't have the authority to implement those plans, then submit those plans to the commander-in-chief and the White House for approval? And not just tell a few people about their opinions?

If they did that and the request was turned down by the White House, then this would be a different story. But as is, it is partisan BS being pushed by media bias.

If someone asked me what I was doing to prevent a breach into my organization, and I said that I haven't had any request from my executive officers for any action to prevent a breach, so I'm not developing a plan to submit to them for approval, I would be justifiably FIRED for not doing my job.


Why CISOs Need a Security Reality Check
Joel Fulton, Chief Information Security Officer for Splunk,  6/13/2018
Cisco Talos Summit: Network Defenders Not Serious Enough About Attacks
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2018
Meet 'Bro': The Best-Kept Secret of Network Security
Greg Bell, CEO, Corelight,  6/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12294
PUBLISHED: 2018-06-19
WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object.
CVE-2018-12519
PUBLISHED: 2018-06-19
An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials.
CVE-2018-12588
PUBLISHED: 2018-06-19
Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1.2.0 through 3.1.1-1 before 3.1.1-2 allows remote attackers to inject arbitrary web script or HTML via the catalog.noTitlesSearch parameter (aka the S...
CVE-2018-10811
PUBLISHED: 2018-06-19
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.
CVE-2018-10945
PUBLISHED: 2018-06-19
The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function.