
The falcon cannot hear the falconer


This week in the security world, things fall apart, the center cannot hold, and the reason is that we fail to learn our lessons.

Being a little less vague, this week I’m touching on the two largest pieces of security news, both of which culminated in congressional hearings for the responsible parties, for all the good it will do. First up is the aftermath of an assassination attempt last week that led to multiple inquiries on the methods and actions of the United States Secret Service. Editor Cory Harris touched on the main subject of that last week, so we’ll look instead at the aftermath that saw Director Kimberly Cheatle in the hot seat.

Long story short, it went bad. Judging by her attitude and responses given during the testimony, I’m certain that resignation letter was typed up long before she sat down. It will probably be fast-tracked out of the news cycle because there’s fresher meat to tear up every day in the face of the coming election, but there are lessons to be learned here. Cheatle wasn’t a recent partisan addition to the service; we’re talking about a veteran who’s been with that security organization since the Clinton administration and has seen multiple other scandals, including that snafu with agents in South America several years ago. Every administration has failed to clean house in a deeply flawed organization, and if the politicians want to place blame for that, they should find a mirror.

Speaking of people not learning their lessons, the CEO of CrowdStrike, George Kurtz, was summoned to testify in front of the U.S. House Committee on Homeland Security for the monumental bungle which occurred last Friday thanks to a botched cybersecurity update pushed to its CrowdStrike Falcon platform. A lot of people are asking how such a huge flaw could have made it into a production build for such a critical piece of software, and that’s a fair question to ask.

What if I told you this has happened before? What if I noted that in 2009 George Kurtz had been promoted to CTO at cybersecurity software firm McAfee, and that within six months McAfee released a software update that deleted critical operation files on Windows XP systems around the globe, leading to BSODs and boot loops?

Incompetence grows and thrives on apathy.
