June 25, 2007:
A recent audit of the Department of
Homeland Security (DHS) computer networks found that, in 2005 and 2006, there
were over a thousand successful break-ins. The DHS systems were found to have
numerous weaknesses and vulnerabilities. DHS is still trying to find out which
classified information was compromised, and to what extent their systems are
now infected with software that gives outsiders regular access.
The situation at DHS is not unusual for government
computer systems. The military networks are in somewhat better shape, but all
government systems suffer from being unable to hire the people they need to
keep their systems secure. It's a very tight job market out there for network
security experts. Financial institutions and large companies in general, are
able to offer the best pay and benefits, and thus attract the best people.
But there's another serious problem. The people
running civilian organizations, especially those in charge of computer
security, are much better at their jobs than are their government counterparts.
Again, it's largely a matter of money, and working conditions. Being a computer
security manager for a government agency means you work with a smaller budget
than you would for a civilian organization of comparable size. In addition, you
have Congress, and even your own bosses, ready to hang you out to dry for any
problems in your networks, whether you screwed up or not. The media is always
ready to pounce and, well, you get the picture. Recruiting quality data
security managers for DHS, or any other government agency, is very difficult.
On the bright side, other governments have the same
problems, and often worse ones at that. China, which is one of the leading
practitioners of Cyber War, is more vulnerable than the United States because
of a relative (to the United States) shortage of network security managers and
engineers. The Chinese, since they are running a police state, are not
releasing any information about the degree to which their systems have been
penetrated and compromised, but Chinese computer users speak openly of the
shabby state of government computer security..