U.S. Agencies Earn D+ on Computer Security 190
MirrororriM writes "Seven of the 24 largest agencies received failing grades, including the departments of Energy and Homeland Security. The Homeland Security Department encompasses dozens of agencies and offices previously elsewhere in government but also includes the National Cyber Security Division, responsible for improving the security of the country's computer networks.
'Several agencies continue to receive failing grades, and that's unacceptable,' said Rep. Tom Davis, R-Va., the committee's chairman. 'We're also seeing some exceptional turnarounds.'"
The NSA? (Score:4, Interesting)
Re:GW Bush says (Score:4, Interesting)
Re:GW Bush says (Score:4, Interesting)
I would worry in the next generation when legit techies + Patriot Act starts invading all your privacy.
Comment removed (Score:5, Interesting)
Re:One More Reason... (Score:1, Interesting)
Re:Psst... (Score:1, Interesting)
Re:FOIA makes computer security mute (Score:2, Interesting)
Re:One More Reason... (Score:2, Interesting)
Give me a fucking break.
None of you assholes have yet even questioned the grading criterion. I bet most of the places you work at (assuming you are working) would hardly score a C.
Most .gov computer agencies data centers are run by contractors. Yes, those people that charge $700 for a hammer because fucked-up gov specs require a new machine to be built to manufacture the thing.
I've been a contractor since the `computer department' was called `DP'. I think we're into the I's now (IS, IT, what-the-fuck-ever). For the agency I contract to, we take computer security shit seriously. Public access into DMZ zones only. VPN's both inra- and inter-net. `Best practices' password bullshit and all that.
Oh, have I mentioned that we also run linux. And Solaris and z/OS and XP and 2000 and NT and about any other OS you can think of. This is not a mom & pop show. We're talking nationwide enterprise interfacing with all 50 states, national territories, and `friendly' nations.
Of course, .gov does not make the job easy. Us contractors know tho what has to be done. For example, I am now a contractor to a contractor to the .gov. My customer is supposed to be the contractor. The bottom line is, for the geeks lie me, is to do right for the agency. We just have more layers of management bullshit to go thru.
Not that the .gov pricks help any. They are mostly clueless bastards in a king-of-the-hill battle. My budget is larger than yours, Nah Nah Nah. Be thankful that most .gov agency work is done by private hacks like myself that actually care.
Re:The Failing Grades (Score:1, Interesting)
Hell, tell that to all the losers who couldn't get promoted past captain (speaking about Air Force, specifically) but after separating with their government-funded TS clearance go on to make 6 figures working for BAH or Lockheed or Raytheon or some other giant trying to fill a TS position for a contract they just won because they have a retired general as division manager.
Where there's money and big organizations, there are slackers and waste. The military isn't special in that regard.
Be careful of the solution (Score:3, Interesting)
That's a knee-jerk reaction to stereotype faceless bureaucracies. To keep my soapbox short, I chalk up most of my negative experiences working within the gov't to the political side of human nature, and those inefficiencies are always going to be there. Until we fiure out how to breed perfect administrators.
each of those agencies will need to hire specialized people and consultantsA solution to this is being tried: NMCI (Navy Marine Corps Intranets) is one poor example of standardizing IT (and with it some security issues) across agencies. Unfortunately it's implementation is stifling to engineers, scientists and non-bureaucrats, and you really don't want to know how much the individual components are costing taxpayers. If NMCI is cutting edge for IT security, then security technology's got a long way to go to not throttle productivity! We'll take local IT mgmt over NMCI anytime.
Re:The NSA? (Score:1, Interesting)