Tuesday, April 11, 2006

Government Computer InSecurity

DHS gets an F. So does nearly every other major federal agency and department. Absolutely awful.
The House Government Reform Committee released its annual report card on federal computer security and DHS — which got an F in 2004 — received another F for 2005.

The Department of Health and Human Resources, which would manage the bird flu if it reaches our shores, also got an F, as did the Departments of Energy, Agriculture, Interior and Veterans Affairs. Joining them at the bottom was the State Department, which earned a D+ in 2004 but dropped to an F last year, and the Defense Department which slid from a D to an F for 2005. The overall grade for federal agency computer security was a dismal D+.
It's inexcusable that this situation has been allowed to persist - and I blame both Congress and the Administration for not dealing with the problem and forcing better security practices. There are still a few bits of information that are necessary to have a better idea of what is going on - how the government has done in prior years, the metrics involved (and whether they have changed), and what the private sector has done (for comparative purposes).

This report raises serious issues that should be addressed. But if that doesn't get your attention, maybe this story should raise concerns:
No more than 200 yards from the main gate of the sprawling U.S. base here, stolen computer drives containing classified military assessments of enemy targets, naming corrupt Afghan officials and describing American defenses are on sale in the local bazaar.

Shop owners at the bazaar say Afghan cleaners, garbage collectors and other workers from the base arrive each day offering purloined goods, including knives, watches, refrigerators, packets of Viagra and flash-memory drives taken from military laptops. The drives, smaller than a pack of chewing gum, are sold as used equipment.

The thefts of computer drives have the potential to expose military secrets as well as Social Security numbers and other identifying information of military personnel.

A reporter recently obtained several drives at the bazaar that contained documents marked "Secret." The contents included documents that were potentially embarrassing to Pakistan, a U.S. ally; presentations that named suspected militants targeted for "kill or capture," and discussions of U.S. efforts to "remove" or "marginalize" Afghan government officials considered "problem makers" by the U.S. military.
Operational security could be jeopardized by inadequate security at any point, including the possibility of information being stolen by someone taking an entire computer, or taking hard drives that were inadequately wiped of sensitive information before being discarded.

UPDATE:
What to make of this story that supposedly sensitive details about Air Force One were posted to the Internet? The Officers Club and Wizbang have more. Let's just say that one should have a wee bit of skepticism over what was reported and whether it actually revealed anything useful or even remotely sensitive. Simultaneously, one has to wonder whether the media should have run this particular story in the first place.

However, it does feed into the larger problem of security breaches and data security by government entities. It is a problem that must be addressed sooner rather than later.
