80% of .gov Web Sites Miss DNSSEC Deadline

netbuzz writes "Eighty percent of US federal agencies — including the Department of Homeland Security — have missed a deadline to deploy DNS Security Extensions, a new authentication mechanism designed to prevent hackers from hijacking Web traffic. The deadline that whooshed by was Dec. 31, 2009. Experts disagree as to whether this level of deployment represents a failure or reasonable progress toward meeting a mandate set by the Office of Management and Budget in the summer of 2008. OMB officials declined to say why the agency hasn't enforced the DNSSEC deadline for executive branch departments."

Re:I'm not a huge fan of DHS either

[Sir_Lewk]

The reason why the DHS gets more attention here than other departments is because they are the Department of Homeland Security. The importance of irony when ridiculing the government is not to be overlooked.

Re:I'm not a huge fan of DHS either

[tiberus]

First, let's hope it's a reason and not an excuse...
Second, Security through obscurity is no security at all or No security through obscurity.

Re:of course

[Archangel+Michael]

1) Yeah? And?

2) IT wasn't unrealistic.

How long does it take to implement?

1) Get deadline
2) Start product evaluations
3) Pick Product(s)
4) Implement Product
5) Write Howto: for all the idiots out there

If we use 3 Months (1/4 year) for each step, we're looking at 1 year, three months to implement, including figuring out time lines for implementation.

Once you start rolling out, you cookie cutter as much as you can, so you have easy, consistent configurations and implementations.

I don't get why it takes so long.