How The NSA Secures Computers

An Anonymous Reader wrote to mention an NSA site covering secure configuration guidelines for a number of operating systems. From the site: "NSA initiatives in enhancing software security cover both proprietary and open source software, and we have successfully used both proprietary and open source models in our research activities. NSA's work to enhance the security of software is motivated by one simple consideration: use our resources as efficiently as possible to give NSA's customers the best possible security options in the most widely employed products."

Crushing defeat.

[Number44]

As an employee of IBM (I work on enterprise storage products) I have this anecdotal story to relate:

The NSA buys lots of our gear, the large multi-terabyte enterprise-class disk storage arrays. In the case I heard about, there were a small handful of boxes. We keep track of the code loaded on each of them for support reasons, so we have a good sense of where each box is and what it's doing.

Our warranty on those arrays is 3 years.

At the end of the warranty period, it is the policy of the NSA to replace the gear outright and start fresh. What we learned was, these boxes had never been put into operation and sat on their shop floor as "excess capacity" (happens in the larger shops, it's a good idea). They had never been attached as storage to their mainframes.

The NSA crushed them. Brand new, unused and perfectly functional with ZERO data on them. Crushed to scrap.

That hurts, guys. It really does. My tax dollars paid for them, my sweat and tears makes them run, and the gov't just hauls them outside and crushes them when they can't get support via the original warranty terms. They will never let a shred of data leave their shop for fear of losing control of classified info, but damn, these never had any!

Why do they treat our tax money so callously?