Skip Links

Network World

  • Social Web 
  • Email 
  • Close

(Comma separation for multiple addresses)
Your Message:

Incident response: Don't lie

Honesty is the best policy
Security Strategies Alert By M. E. Kabay , Network World , 10/23/2007
Sign up for this newsletter now!

Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.

  • Share/Email
  • Tweet This
  • Comment
  • Print

A couple of recent news stories got me thinking about the confluence of practicality and morality that should inform effective computer incident response.

The first case may seem silly: Richard Marson, the editor of a popular child’s show called “Blue Peter” on the British Broadcasting television network was suspended in September 2007 “after it emerged that the wrong name had been chosen for the new Blue Peter cat in an online poll.” Apparently the children wanted “Cookie,” but upper management allegedly ordered the staff to chose “Socks” - and Marson is taking the consequences.

The second news report is much more serious and will touch many readers deeply. In brief, there is overwhelming evidence that U.S. Army doctors have been deliberately lying about the medical condition of veterans returning from the U.S. invasion of Iraq. In many documented cases, the doctors have unjustifiably labeled wounded veterans as suffering from pre-existing personality disorders.

The wounded veterans are therefore denied their well-deserved medical benefits because they are discharged under Regulation 635-200, Chapter 5-13. The benefits withheld are estimated in the tens of billions of dollars and many of the veterans and their families are suffering severe financial woes.

Worse, new investigations reveal that assurances of independent review of the situation made by Maj. Gen. Gale Pollock, acting surgeon general of the Army, are outright lies. Pollock claimed that she had ordered a “comprehensive review… conducted by a panel of health experts” but a single reviewer, Col. Steven Knorr, was the only author of the first report. Knorr was in fact one of the psychiatrists allegedly mislabeling many of the wounded veterans as suffering from the pre-existing personality disorders being contested.

As a result of the scandal, Rep. Bob Filner (D-Calif.), chair of the House Committee on Veterans’ Affairs, scheduled public hearings on the matter in July. The investigations continue.

In both of these cases, the dishonesty of managers has resulted in embarrassment and additional expenses for their organizations. Employees have been scrambling to gather information more quickly than they would have under normal circumstances; public relations staff are undoubtedly working overtime - and perhaps making yet more mistakes because of the pressures to recover credibility. Supervisory bodies have been dragged into investigations. I’m sure that morale among employees is damaged.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services. CV online.

  • Share/Email
  • Tweet This
  • Comment
  • Print
Comments (5)
Login
Forgot your account info?

RE: Incident response: Don't lieBy Anonymous on October 23, 2007, 10:53 amI read your article for your experience and acumen on networking related issues. Kindly limit your biased political agenda and opinions to another forum. I will...

Reply | Read entire comment

Incident Response: Don't LieBy Sanford Sherizen on October 23, 2007, 4:05 pmMich, Regarding the Citibank case. As far as I know, Citibank was the first major American institution to respond to a computer crime by highlighting its security...

Reply | Read entire comment

Don't LieBy Randy Freston on October 24, 2007, 8:26 amAs a veteran and an information security professional, I find the unjust discharges of our service members very disturbing. I also consider them directly linked...

Reply | Read entire comment

Umm... Where does thisBy Anonymous on October 24, 2007, 11:11 amUmm... Where does this article bash Bush? How is telling someone not to lie a political agenda? Did you tell your mother to stop spreading her political diatribe...

Reply | Read entire comment

It DOES bash Bush.. read it again...By Anonymous on October 24, 2007, 11:22 pmThe article does bash Bush... read it again... and again... and again... I had to read it like seven times before I figured out what it had to do with InfoSec....

Reply | Read entire comment

View all comments

Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed