In the spirit of the upcoming holidays, I'm going to try a constructive post for a change. Today's Lab Newsbulletin contains a story headlined "Malicious phishing e-mail infects users who took the bait." Some excerpts:
Despite a series of warnings to Laboratory workers, a well-crafted malicious e-mail persuaded a number of employees to click on a link, resulting in the infection and confiscation of several Laboratory systems... This latest attack used verbiage that appeared to come from a Lab employee (although the associated phone number was faked), and the apparent "From:" address was a Google Gmail address rather than an internal address.

All of this "be careful" language reminds me of how the Lab approached the problem of falls on the winter ice for so many years. "Be careful," "go slow," "walk like a penguin." Wonderful advice - especially in hindsight - but how about clearing off the ice and snow in the first place, boss?! Those who have taken Human Performance Improvement training (allegedly the Lab's current safety program) will recognize that eliminating the source of the error is the best line of defense.
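The pattern in the excerpt above (a display name that looks like a Lab employee sitting on top of an external Gmail address) is exactly the kind of thing a mail gateway can check for mechanically before the message ever reaches an inbox, which is the "clear the ice" approach rather than the "walk like a penguin" approach. The following is an added example of such a check, not code from the original post or from the Lab; the internal domain (`lab.example`), the employee directory, the sample messages and the quarantine actions are all constructed placeholders.

```python
import email
from email.utils import parseaddr

# Constructed placeholder values: the post names neither a domain nor a directory.
INTERNAL_DOMAINS = {"lab.example"}
# Toy directory of employee display names, as a gateway might pull from LDAP.
EMPLOYEE_NAMES = {"jane doe", "john roe"}


def _norm(name: str) -> str:
    """Lower-case and collapse whitespace so 'Jane  Doe' and 'jane doe' compare equal."""
    return " ".join(name.replace('"', "").split()).lower()


def classify_sender(from_header: str) -> tuple:
    """Return (verdict, reason) for the value of an RFC 5322 From: header.

    Verdicts:
      'internal'  - address is at one of our own domains
      'external'  - ordinary outside sender
      'suspect'   - display name impersonates an employee or an internal
                    address while the real address is external (the pattern
                    in the Newsbulletin story: Lab-employee name, Gmail address)
      'malformed' - no parseable address; let the gateway hold it
    """
    name, addr = parseaddr(from_header)
    if not addr or "@" not in addr:
        return "malformed", "no parseable address in From:"
    domain = addr.rpartition("@")[2].lower()
    if domain in INTERNAL_DOMAINS:
        return "internal", "address domain %s is internal" % domain
    # Trick 1: the display name itself is an internal-looking address.
    if "@" in name:
        name_domain = name.rpartition("@")[2].strip(' >"').lower()
        if name_domain in INTERNAL_DOMAINS:
            return "suspect", "display name shows an internal address, real sender is %s" % addr
    # Trick 2: the display name matches a known employee but the address is outside.
    if _norm(name) in EMPLOYEE_NAMES:
        return "suspect", "display name '%s' matches an employee, real sender is %s" % (name, addr)
    return "external", "address domain %s is external" % domain


# Map each verdict to what the gateway does with the message (constructed policy).
ACTIONS = {
    "internal": "deliver",
    "external": "tag-external",   # e.g. prepend [EXTERNAL] to the subject
    "suspect": "quarantine",
    "malformed": "quarantine",
}


def screen_message(raw: str) -> dict:
    """Parse one raw message and decide how the gateway should handle it."""
    msg = email.message_from_string(raw)
    verdict, reason = classify_sender(msg.get("From", ""))
    return {
        "subject": msg.get("Subject", ""),
        "verdict": verdict,
        "reason": reason,
        "action": ACTIONS[verdict],
    }


# Constructed sample messages, not real mail.
SAMPLE_MESSAGES = [
    "From: Jane Doe <jdoe@lab.example>\nSubject: Lunch\n\nhi\n",
    "From: Jane Doe <jane.doe.lab@gmail.com>\nSubject: Urgent: open this\n\nclick\n",
    'From: "jdoe@lab.example" <mailer42@gmail.com>\nSubject: Payroll update\n\nclick\n',
    "From: vendor@supplier.example\nSubject: Invoice\n\nattached\n",
]


def screen_all(messages=SAMPLE_MESSAGES) -> list:
    """Screen every sample message and return the decisions."""
    return [screen_message(m) for m in messages]


if __name__ == "__main__":
    for r in screen_all():
        print("%-13s %-9s %r: %s" % (r["action"], r["verdict"], r["subject"], r["reason"]))
```

The point of the two "suspect" branches is that the user never has to "check twice": a name that matches the directory, or an internal address used as the display name, over a non-internal sending address is held at the gateway, and the rest of the outside mail is merely tagged so the reader knows it came from off site.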
"Because I tend to be in a rush to get through my e-mail, I tend to want to accept what makes it into my inbox," said Maco Stewart of International Research, Analysis, and Technology Development (IAT-1), coordinator of the Lab's Information Security Operations Center. "Rather than have my computer get infected and confiscated, I'm trying to make myself check twice before I actually click on something or open any attachment. Many people don't completely back up their systems, either, and the complete system wipe and rebuild that's required after an infection can really ruin a person's productivity."
In that spirit, do readers have suggestions on how to really solve the cybersecurity threat? It's been made clear on several occasions that despite what they say, LANL's senior managers read the blog very closely. So maybe this is a better way to communicate than putting up Readers' Forum letters which will simply be dismissed by some appointed lackey.
Here are a few:
1. One root cause, suggested by Maco Stewart's quote above, is simply "too damn much email." In my opinion, it is time to stick a fork in the daily LINKS which is read by nobody, except perhaps the people who write it. Earlier this week a new mailing list was created for hosts of foreign nationals (over 300 subscribers) with the explanation that "Not everyone has the time (or inclination) to read Links regularly and it is rather easy to miss items of interest, such as Tuesday's FN and FN host meeting with Terry." At least this guy has the balls to be honest. LINKS no longer contains any items of any significance because nobody trusts that it will be read. It is an abject failure, so please stick a fork in it!
2. If there is a performance bonus riding on the continued existence of LINKS, then we obviously can't get rid of it. So instead, let's ride herd on the use of internal majordomo mailing lists. I checked mine this morning and found I've been signed up for over 50 emailing lists! (Almost as bad as the holiday catalog blitz in my mailbox at home). It gets even worse when idiots start replying to the entire mailing list with "Please unsubscribe me" and then ten other idiots reply "Yeah, me too." So here's a suggestion: Immediately kill off any mailing list that has more than 5% of the laboratory population subscribed to it, unless the list owner can prove that they need to communicate time-sensitive information (e.g. road closures). All information that applies to more than 5% of the lab's population goes on LINKS or the Newsbulletin. Some of the worst offenders on my list: lanldpr (>2000 subscribers), hrp_newsletter (>2100 subscribers), fsa_mastercard_recipients (>1200 subscribers), mylanl_users (>1000 subscribers), and cremusers (>1900 subscribers). If your mailing list is that large, and you are not the Laboratory Director or a PAD, then you technically qualify as a "spammer" and should be taken out and shot immediately.
3. Some here have promoted the idea of unplugging everyone below the AD level from the network. I'm increasingly leaning toward this solution, myself.
I look forward to other suggestions from your readers.
Merry Christmas, y'all.