NIE is experiencing continued technical problems with the e-mail quarantine appliance. The vendor is currently working to resolve the lockup issues. In light of the current delays the decision has been made to release the quarantine e-mail to users rather than have them selectively release messages. We learned over the Thanksgiving break that we cannot release it all at once. We will release it in a staged manner (algorithm to be determined by NIE and the Vendor) over the next two days. We will try and factor in priority needs. We again apologize for the major inconvenience this has caused and we will take this operational experience into account when we plan future cyber protections.
------------
Principal Associate Director
Science, Technology and Engineering
Los Alamos National Laboratory
Jan 6, 2009
Subscribe to:
Post Comments (Atom)
29 comments:
"...we will take this operational experience into account when we plan future cyber protections..."
No they won't! They never do!
What is NIE?
Does this exlain why email from my private address does not reach LANL employees?
Network Infrastructure Engineering
How many millions of dollars does LANS/LANL get to run this place and they can't hire competent computer people (still can't use IE) or buy decent internet software so that people can get their e-mails?
SO why did these morons get a 1 year extension added to their contract? FOr this kind of performance? Good grief my son can do a better job.
"Good grief my son can do a better job."
I know a guy who runs a blog who is considering throwing his name in the hat if the management contract is rebid this year. And yes, there will be profit sharing. And no company paid sports cars.
MBB: Management By Blog!
Oh yes, and I will not go around claiming I don't read the blog.
I can honestly say that I am glad that LANS was not running this place for the first 60 years. We would not have only lost WWII but also the cold war, etc.
This is a complete cluster f*Ck - nobody releases not-ready-for-prime-time systems before they are ready.
Network Infrastructure Engineering?
Are those the ones that used to be CCN-5?
7:54 PM - if you haven't realized, our computer "support" sucks and is no longer a useful organization.
I know a guy who runs a blog who is considering throwing his name in the hat if the management contract is rebid this year.
Director Pinky ... I like the sound of that! ;-)
Hi - I DO NOT WORK FOR CYBER,CIO, CCN, CTN or NIE....etc
I was aware that a problem existed on Monday morning that all was not well with releasing emails after the shutdown. Rather than getting into all the specifics and idiotic responses from ALL computer support personnel that are supposed to provide support services at the lab which in my view are a sham and disgrace. I will provide my view on the matter.
1. The ProofPoint Lab wide email quarantine was totally unnecessary.
2. In normal operations all E-mailis are stored on mail servers until the end user runs his/her email program and requests email be downloaded.
3. If the lab is closed and no one is using computers and requesting email then what is the problem? All the emails are safely stored on mail servers.
4. These were emails that during normal operations we would have received anyway.
5. Allowing .edu and .gov domains email messages to be delivered is real stupid if the guise of this fiasco is to prevent some perceived cyber threat via email. How secure and safe are systems on the .edu and .gov domains?
6. NIE/CIO stated that if one was to catch something from an email message during the shutdown there would be no personnel available to respond. Think about it, this is a really stupid statement.
7. The CIO seems to always be blowing smoke up managements rear ends and they buy into it. It reminds me of the lab manager that had no computing experience and went to a big computing convention. Listened to some bullshit artist consultant and vendor and committed 20 million for some software that was a total failure.
8. The CIO should be fired and the rest of the NIE managers probably should be also for not having the balls to stand up and speak up to foolish decision making. Perhaps they are clueless as well.
9. Coverup, hand wringing and excuses deluxe will be coming shortly.
I heard that the Bechtel CIO had to be told what a IP address is.
F*cking surreal.
Let's recap:
Under normal operating conditions, email is screened for potential spam and other suspicious characteristics. These are quarantined and, for the most part, ignored by staff. Everything else is delivered. Productivity - or what passes for it - ensues.
During holidays, all email is quarantined with the promise that it can be released at any time. Lab technical staff, recognizing that the holiday closure time is unencumbered by meetings, training, and the like, try to access anticipated emails and discover that no spam digests are being delivered. Frustration ensues.
Upon return to work, the entire laboratory wastes time trying to access hostage emails. Upper management admits technical issues exist and encourages patience (but not too much patience, Jan 16 being the drop dead date). Lab staff excercise patience. A few hardy souls get through to the server, during the wee hours of the night, but nothing happens.
In the end, everything is released. So the result of this cybersecurity initiative is:
- Increased risk of malware, since all spam was delivered along with the good stuff.
- Lost productivity for employees.
- Lost credibility with the outside world, much of which actually worked during the break.
- Increased hate and discontent for CIO and upper management.
All in all, another successful LANS project. Bonuses all around!
Users can only download one email at a time from the proofpoint server. I have over 300 messages in the queue that I cannot even touch. On top of all that, all email remaining on the proofpoint server on January 16th will be deleted, so we are behoven to persevere with persistence and make sure we get our email before its deleted. Lab computer support personnel have quite an attitude these days. Same goes for those that run the stupid and inadequate pager system.
I manually patched my IE browser for the big XML security hole, yet the LANL network still refuse to let a properly patched IE browser onto the web.
If I could manage to patch my IE browser to make it secure (which I did several weeks ago), why, in heaven's name can't LANL computer support manage to get out this very same patch using SMS? And why can't LANL networks seem to recognize when an IE browsers has been properly patched and let it have access to the web?
LANS gave the computer support orgs a lot of new powers and even allowed them to start new taxing schemes to raise funds. We are not getting our money's worth from either the computer support orgs or from LANS LLC.
all I ever hear from "computer support" is OH I'M NOT A MAC PERSON.....
But then look on the bright side. Proofpoint could be a wonderful tool to improve productivity. We just have to make sure that all memos from CIO, AD's and so one are quarantined and then we could continue to work.
The other possibility would be to quarantine upper management during the year and let them out over holidays, so that they could play management then. Kind of proofpoint with a bar over it.
all I ever hear from "computer support" is OH I'M NOT A MAC PERSON.....
1/7/09 5:29 AM
How ironic. If the majority of the lab used Mac's on the desktop we could eliminate a high percentage of all these cyber problems.
But, you wold not be able to get any computing support.
Fortunately I work in a mostly Mac organization and provide local support without institutional computing support. Works better.
Sooner or later some kind of minor fix will be implemented. Then, just like DAHRT, there will be a loud declaration of success, a few people will get promoted, and Mikey's bonus will be increased.
Terry sounds like he's a bit scared. Perhaps he's been taking some pointed complaints on this latest fiasco?
1/7/09 6:10 AM: Brilliant!! It would certainly increase productivity, as well as improve moral.
Who says there are no constructive suggestions on this blog?
"Fortunately I work in a mostly Mac organization and provide local support without institutional computing support. Works better. - 1/7/09 6:22 AM"
Hey, you can't do that! You're not in the teaming spirit. You must cowtow to the idiot computer support folks like the rest of us.
In our area, if a pc has a problem it immediately gets the disk wiped, the operating system reinstalled and user files replanted...sometimes iterating the procedure several times before a simple fix is achieved. What school did these people go to? All they can do is follow a cookbook. There is no cognizance or intelligent thought going on.
The expertise of the computer support groups at LANL has seriously declined.
Years ago, most of the people doing computer support were top notch (typically Unix gurus) and knew more about computers than almost anyone else on the staff. Today, computer support is filled with a bunch of poorly educated newbies who use simply cook-book approaches so they don't have to properly analyze the problems.
It's not clear to me how many of the people in computer support passed the qualification tests for these jobs. Perhaps there are none.
"We again apologize for the major inconvenience this has caused and we will take this operational experience into account when we plan future cyber protections." (Wallace)
Are you kidding me? No, they won't!
NIE = Nerds Institute of Electronics ;)
While I am not with desktop support, I do know why they are doing the cookie cutter approach to support and that is because they do not have enough personnel to do the job and therefore take shortcuts wherever they can. It is said that computer support should be 1 tech to every 80 to 100 people (Gardner Group's recommendation), but right now, most techs are supporting at least double that. I don't know about you, but if I was being hammered with double the amount of work that was to be expected of me, I would be cutting corners too!
The ratio at lanl is lower than that. There are plenty of computer techs at the lab. It boils down to lack of technical skills and work ethics. Being sagacious is also a trait that most of the desktop support people at the lab are lacking in. Simple as that.
8:49, I'm not buying it. The computer support organizations have steadily decreased the scope of their people's jobs. No support to Mac users. No support to techncial or programmatic software. No support to programmatic servers. No support even to 64-bit WinXP. Line organizations had to perform their own yellow subnet accredications.
But hey, if you've accidentally deleted your Eudora In Box, you might be able to get help.
Sorry 9:44, no more support for Eudora. Hvaen't you heard?
Post a Comment