Weaponization of the Lesser-Known Parts of the U.S. Government
When we were doing the original cyber program back in 2007 one of things that we had to do was understand and count all the independent agencies and boards of the U.S. Government. The first step of effective cybersecurity is that you have to be able to count all the servers, endpoints, and internet access points. You can only defend what you can count. We gave up counting at about 200 entities. There is an archived record from the Bush Administration that shows close to 140. I don’t think this is the cumulative list because it doesn’t list the Marine Mammal Commission which had one .gov computer.
Back then we didn’t have an orchestrated domain system and we found government systems and computers on all kinds of non .gov domains.
