DHS: Will Hack for Free*

With news headlines seemingly telling an unending tale of compromised security at some of the highest levels of government, infrastructure, and private enterprise, many wonder how one does go about protecting one’s self and assets from intrusion or compromise.

Penetration Tests

For many of these companies, they would have to enlist a private security firm to run “penetration tests” where various loopholes and vulnerabilities were tested and then collected into a report for review. These services are time, labor, and specialization intensive, and, as such, cost quite a pretty penny.

National Cybersecurity Assessment and Technical Services (NCATS)

But the US government is now offering a different solution: companies that fall under the descriptive umbrella of a “critical infrastructure company” you can now enlist the DHS NCATS team (Dept. of Homeland, Nation Cybersecutiy Assessments and Technical Services) to run these tests and generate a thorough report for free* (paid by taxpayers). This gives these critical pieces of infrastructure a very serious weapon in the battle against theft and data compromise, for a price that any business can handle. Implementing fixes to cover the exposed vulnerabilities, however, is another matter that is not in the scope of this service.

Due to the limited scope of this project for “infrastructure,” the amount of time it takes to generate this information, and the cost and expertise to implement prescribed fixes, this is far from a cure all for information security. But it is nice to have another ally in the ongoing uphill battle for secure data on the net.