This story at InformationWeek isn't the first time we've read about the woeful state of Federal information security. The scary reading clearly is backed up by a litany of disappearing laptops and other Keystone Cops capers.
The story goes into great detail about a Government Accountability Office report that excoriates the state of the FBI's information security. In one paragraph, the writer points to eight or nine major shortcomings (inconsistent configuration, failure to use strong encryption, failure to log, audit and monitor security-related events, etc.) that could make systems vulnerable to inside attack.
After the unease wears off a bit, an observer is left to wonder whether the problem is more a lack of accountability and corporate inertia than the possibility that security is being run by the descendants of Benny Hill. It's unthinkable that a public company would act this way. The IT staff would be replaced en masse.
It's frightening to think that the formula for baby food or the vote tallies for American Idol are better protected than our most sensitive national secrets. But that apparently is the case.
The corrective isn't more reports from the GAO or other watchdogs. The problems seem so chronic that it may be time to divorce information security from the bureaucracy that it's protecting. The most extreme approach would be privatizing at least some elements of governmental security.
A blogger commenting on the report made the trenchant observation that it would be smart to fix these problems before implementing a cutting-edge biometric identification system. The FBI doesn't think so; the blogger linked to a Federal Computer Week story on the project.
It would be easy to ascribe the failures -- and the irony of buying a cutting-edge system while the infrastructure behind it is made of cyber Swiss cheese -- to lackadaisical or incompetent personnel. But the reality is that this probably isn't a personnel issue. There are a lot of very intelligent and dedicated people working for the government. The problem most likely is bureaucratic inertia and the fact that organizations are set up to serve the status quo.
In this case, that status quo is dangerous.