I work in the information technology profession. I am attached to financial and legal systems. One thing that is very important to do when you are testing systems or processes is to make sure that your test is coordinated or completed in a separate environment than production. In addition to that very obvious requirement, when you are testing you should let all of the relevant people know that you are testing, what you are testing and how long you will be testing. So ideally, your test should be imperceptible by your business partners and stakeholders. But in case it's not, you should communicate that the anomalies they may experience are part of a test. If you don't take these steps then your customers and business partners may experience or see changes and lose their religion. They will do things like calling your boss in a panic, escalating the "problem" to department heads or on-call production support, or worst of all, contact people like CIO's, partners, executive vice-Presidents, the IRS or other law enforcement.
It's probably better that the last group of people doesn't know your name, if it's being mentioned along with some sort of production meltdown or apparent criminal activity. So again, to avoid all of that unpleasantness, you should let people know what and when you're testing and what the expected results are. Unfortunately the Michigan Democratic Party forgot this basic concept in its zeal to do battle against hacking.
The DNC said Tuesday it had thwarted what it to believed to be a hacking attempt two years after Russian operatives sent the party into disarray by hacking into its computers and facilitating the release of tens of thousands of emails amid the presidential election.
But Chief Security Officer Bob Lord said Thursday the suspected cyber attack that sparked fears now appears to be part of a test created by a third party that "mimicked several attributes of actual attacks on the Democratic Party's voter file" without party authorization.
The Michigan Democratic Party's involvement was first reported by The Washington Post. A source confirmed to The Detroit News the state party gave the "green light" for a group called DigiDems to conduct the test without authorization from the DNC or its vendors. A web security firm using artificial intelligence uncovered the unusual activity. The DNC was notified Tuesday, it said.
The party's voter file contains information on tens of millions of voters. The attempt was quickly thwarted by suspending the attacker’s account, and no information was compromised, a party official said earlier this week.
Full Story
But Chief Security Officer Bob Lord said Thursday the suspected cyber attack that sparked fears now appears to be part of a test created by a third party that "mimicked several attributes of actual attacks on the Democratic Party's voter file" without party authorization.
The Michigan Democratic Party's involvement was first reported by The Washington Post. A source confirmed to The Detroit News the state party gave the "green light" for a group called DigiDems to conduct the test without authorization from the DNC or its vendors. A web security firm using artificial intelligence uncovered the unusual activity. The DNC was notified Tuesday, it said.
The party's voter file contains information on tens of millions of voters. The attempt was quickly thwarted by suspending the attacker’s account, and no information was compromised, a party official said earlier this week.
Full Story
I have had some bosses who micromanage more than I like. On the other hand you can't just go do whatever you want in systems that are shared and monitored by people outside your little group. Always touch base to let your team know what you're doing. You can avoid minor (and major) embarrassments.
