Slashdot Mirror


U.S. Agencies Earn D+ on Computer Security

MirrororriM writes "Seven of the 24 largest agencies received failing grades, including the departments of Energy and Homeland Security. The Homeland Security Department encompasses dozens of agencies and offices previously elsewhere in government but also includes the National Cyber Security Division, responsible for improving the security of the country's computer networks. 'Several agencies continue to receive failing grades, and that's unacceptable,' said Rep. Tom Davis, R-Va., the committee's chairman. 'We're also seeing some exceptional turnarounds.'"

11 of 190 comments

  1. The NSA? by tajmorton · · Score: 4, Interesting

    What about the NSA? I'm sure that they take computer security a little more seriously. - Taj

    --
    Tell the truth and you won't have so much to remember.
    1. Re:The NSA? by digitalchinky · · Score: 4, Interesting

      Not really. Only the public interfaces.

      Internally if you are cleared to see a certain group of things, the security is not so complex.

      If you need access to VRK/TK type stuff, you get anal probing prior to accessing the restricted area - airgap with a big chunk of concrete thrown in the mix.

      Why have 'huge' internal security when 'the man' already spends six months getting chatty with your friends, teachers, family, relatives, long lost loves from childhood, just to see if you can really be trusted with a clearance?

      A TS clearance basically means you are 'trustworthy' - or you go to jail. Security vetting gets repeated every couple of years - sucks when you're in the Military and they want to know who your bestest work friends are that you've known for at least ten years.

    2. Re:The NSA? by Anonymous Coward · · Score: 1, Interesting

      My supervisor lost his SCI because his wife was from a certain country.

  2. Re:GW Bush says by Aqua+OS+X · · Score: 3, Interesting

    I love the fact that we have this awesome new homeland security department... as well as fairly crappy homeland security.

    --
    "Things are more moderner than before- bigger, and yet smaller- it's computers-- San Dimas High School football RULES!"
  3. Re:GW Bush says by superpulpsicle · · Score: 3, Interesting

    This generation of old crusty politicians running the homeland security department is not going to be much, so an F grade wouldn't surprise me.

    I would worry in the next generation when legit techies + Patriot Act starts invading all your privacy.

  4. Re:One More Reason... by Anonymous Coward · · Score: 1, Interesting

    So Cletus, after you get rid of the government agencies, who is going to mind the radioactive waste (Dept of Energy) and legal & illegal aliens (Dept of Homeland Security)?

  5. Re:Psst... by Anonymous Coward · · Score: 1, Interesting

    When I studied computer science, you needed over 65% on both the lab portion and theory portion of any 2nd, 3rd or 4th year class in order to pass. Anything less than C = {C-, D+, D, D-, F} was considered a failing grade. The US government isn't alone in its failing grade, though that doesn't let them off the hook for having poor security.

  6. Re:FOIA makes computer security mute by danielobvt · · Score: 2, Interesting

    And the nice thing about computers is that things change. And it's amazing how long you can draw FOIA requests along. Those 2 factors are wonderful things for security. That and if it does expose a serious exploitable flaw, we don't have to release it.

  7. Re:One More Reason... by Anonymous Coward · · Score: 2, Interesting
    to get rid of government agencies.

    Give me a fucking break.

    None of you assholes have yet even questioned the grading criterion. I bet most of the places you work at (assuming you are working) would hardly score a C.

    Most .gov computer agencies' data centers are run by contractors. Yes, those people that charge $700 for a hammer because fucked-up gov specs require a new machine to be built to manufacture the thing.

    I've been a contractor since the `computer department' was called `DP'. I think we're into the I's now (IS, IT, what-the-fuck-ever). For the agency I contract to, we take computer security shit seriously. Public access into DMZ zones only. VPNs both intra- and inter-net. `Best practices' password bullshit and all that.

    Oh, have I mentioned that we also run linux. And Solaris and z/OS and XP and 2000 and NT and about any other OS you can think of. This is not a mom & pop show. We're talking nationwide enterprise interfacing with all 50 states, national territories, and `friendly' nations.

    Of course, .gov does not make the job easy. Us contractors know tho what has to be done. For example, I am now a contractor to a contractor to the .gov. My customer is supposed to be the contractor. The bottom line is, for the geeks like me, is to do right for the agency. We just have more layers of management bullshit to go thru.

    Not that the .gov pricks help any. They are mostly clueless bastards in a king-of-the-hill battle. My budget is larger than yours, Nah Nah Nah. Be thankful that most .gov agency work is done by private hacks like myself that actually care.

  8. Re:The Failing Grades by Anonymous Coward · · Score: 1, Interesting

    Yeah, right. Tell that to my Air Force wife whose office can't keep the printer working because the office IT guy is a total slackass. Tell that to the poor bastards working on the legacy COBOL systems. Tell that to the comm guys wasting their time (and our money) adding enterprise-grade wireless routers to generals' houses so they can play with their new tablets.

    Hell, tell that to all the losers who couldn't get promoted past captain (speaking about Air Force, specifically) but after separating with their government-funded TS clearance go on to make 6 figures working for BAH or Lockheed or Raytheon or some other giant trying to fill a TS position for a contract they just won because they have a retired general as division manager.

    Where there's money and big organizations, there are slackers and waste. The military isn't special in that regard.

  9. Be careful of the solution by ImWithBrilliant · · Score: 3, Interesting
    to get rid of government agencies.

    That's a knee-jerk reaction to stereotype faceless bureaucracies. To keep my soapbox short, I chalk up most of my negative experiences working within the gov't to the political side of human nature, and those inefficiencies are always going to be there. Until we figure out how to breed perfect administrators.

    each of those agencies will need to hire specialized people and consultants

    A solution to this is being tried: NMCI (Navy Marine Corps Intranets) is one poor example of standardizing IT (and with it some security issues) across agencies. Unfortunately its implementation is stifling to engineers, scientists and non-bureaucrats, and you really don't want to know how much the individual components are costing taxpayers. If NMCI is cutting edge for IT security, then security technology's got a long way to go to not throttle productivity! We'll take local IT mgmt over NMCI anytime.

    --

    Is it a rule, that there's an exception to every rule?