When we used to do analysis and event management, some of these agencies thought we were intruding on their missions. One in particular did everything it could to have our operations shut down. They didnt do forensics, incident analysis, correlations, or anything of value, but they didn't want anyone else doing it either. This is the way of coordination centers. They coordinate but don't do much of anything of value to anyone. It becomes obvious when someone else does.
Before we fund any coordinatiion centers we should have a rule established which forces the agency establishing a new one to reduce their forces by the same number of people going into the new one. The Defense Information Systems Agency (DISA) had a center where I worked, and managed to tear it apart and scatter it out over the rest of the agency. Ten years later, I was in a high level Defense Department meeting where they asked for the exact number of people we had before they broke it up, and they wanted to do the same functions. When I asked them what they did with the people who were in the center before, they looked completely surprised. They didn't remember that they had the people and the organization before they broke it up. The Assistant Secretary running the meeting said they would have to look at the request further before making a decision. I doubt that it even slowed progress on establishment of another center.
No comments:
Post a Comment