GovernmentExecutive.com

Return to Article: Feds losing war on information security, senators told

• 47130
  

  Why is the Air Force now looking for 1 Security Contractor to do the same work that DOD Civilians are still doing in house. It is a known fact that Contractors are more costly, and with recent break in of Security information of the State Dept. Computer leak. Air Force reports they are in the red for spending so why are they going to take out 2-3 year old system so they can have another contractor Air Force wide install another new system. Air Force had bld. Security as Real Property and now they state it is not(flip flopping) so they can get a contractor to replace civilians. Contractors have cost more money and then the civilians and military have to correct. QA inspectors are over looking jobs that they are not trained, certified on. Paul Delacot, AFGE Local 2356 President

  Paul Delacot Posted March 25, 2008 8:34 AM
• 46770
  

  "losing war"

  Wrong title.

  How about citizens "winning war" on government accountability.

  cyber_rigger Posted March 19, 2008 10:30 AM
• 46496
  

  Our security is also threatened by the major replacement of gov't workers with contractors. We had our long time IT support person replaced with a contractor position 2 years ago. The position is like a revolving door - 5 different people in 2 years, one of who was escorted out in handcuffs due to a criminal record that was accidentally uncovered by an employee.

  ritgar Posted March 14, 2008 3:21 PM
• 46469
  

  "Despite the progress reported by agencies, they continue to confront longstanding information security control deficiencies that limit the effectiveness of their efforts in protecting the confidentiality, integrity and availability of their information and information systems,"

  Not surprising. Some federal agency IT managers tend to blow off investigative responsibilities when a potential internal concern is brought to their attention. It has been my experience that OSC may not fully consider and address such concerns when brought to its attention through whistleblower retaliation complaints.

  IT security is drilled into us at least annually, but when employees report suspicions some managers apparently see it as an unwanted additional task to actually investigate and/or they are not knowledgeable enough to engage the consideration of simple automated investigative techniques. Very poor OpsSec!

  Reminds me of past federal "Total Quality Leadership" initiative; federal management appeared to approached it as an unnecessary burden on supervisors and management to actually put quality in leadership into practice. There is an apparent lack of quality in leadership which also affects OpsSec and the system of checks and balances in federal service.

  Of course, some might think this situation would be improved through "privatization". What a sick joke that concept plays on the taxpayer!

  Fed IT Specialist Posted March 14, 2008 11:05 AM
• 46466
  

  If you really want to stop the cyber attacks, then replace all the crappy Dell's, Gateway's, and other "PC" with computers from Apple. Yes, you read that right replace all government computers with iMac and Power PC and Macbooks. Replace all government servers with Apple's OS X (OS Ten) server. Apple OS Ten uses the Unix as it's OS which is far more secure and harder to "hack" then Microsoft's (Microcrap's) Windows. I know most of the government "computer specialist " (Microcrap borg's) won't believe me, so I dare ANY computer specialist to call Apple and try using Apple's computers and software for three or four months. I bet that you will never return it. As a reward, I will happily accept a government issue iMac to replace this NMCI piece of Dell junk that I am force to use now.

  John Jira Posted March 14, 2008 10:58 AM
• 46449
  

  This sounds again like private industry hyping the security threat to sell more security devices and services. Could Congress please find out how many actual breakins there have been over the reported period and the seriousness of the breakins? And we don't want the standard DHS answer that we can't tell you but trust us because telling the public would alert the cyber terrorists and let them know they are succeeding. Before spending any more taxpayer funds on unnecessary security measures without the proper cost/benefit analysis or in this case, the threat ratio of breakins/attempts number, we should demand some facts that justify spending one more dollar. A standard risk analysis needs to be performed and independently validated before making any more decisions. Between industry and the GAO crying wolf, the federal government has wasted billions on unsubstantiated threats. It has become a political football to scare the people and direct more money to the private sector. "Show me the money" before panicking any more as they are trying to do with this type of testimony and hearings. Come on public - ask those questions and demand answers from your representatives. This is costing you dearly with wasted unnecessary funding and regulations just to help contributors make a buck.

  Retired government employee Posted March 14, 2008 8:42 AM
• 46433
  

  The problem gets down to what experts have been saying for years. The government is too invasive into people's lives. It collects too much sensitive information that it doesn't actually need. Then it spreads the information over a multitude of agencies which greatly increases the risk of it being mishandled.

  The solution isn't to throw more money at it but to eliminate unnecessary data and databases and stop acquiring personal information that isn't really needed. Also, what is not online is unlikely to be hacked. So don't put sensitive information online. Stop wasting money and use some common sense.

  Robert M. Posted March 14, 2008 7:45 AM