Wolf!

The Justice Department got off lucky. The hackers who got to its Web page a couple of
weeks back merely posted goofy pranks--substituting Attorney General Janet Reno's picture
with that of Hitler, throwing in a photograph of a topless actress, that sort of thing.


While nearly everyone gives lip service to the idea of computer security, many of the
most vociferous may have probably felt in recent months like shepherds crying wolf. The
Justice incident therefore may reinforce the seriousness of a comprehensive approach to
security.


The department, as this was written, was giving out few details on what happened. We
don't even know whether it was in insider job--a possibility that shouldn't be ruled out.
The National Computer Security Association, which offers an audit program for Web sites,
emphasizes the need for end-to-end security, as opposed to putting a firewall up only to
screen incoming breach attempts.


As far as we know, no Justice corporate databases were damaged or corrupted. But that
distinct possibility should give webmasters--and their bosses--pause. *** The IRS may be a
hard agency to love, but it performs a vital function. In recent years, its management of
major systems upgrades and development have earned it the enmity of powerful members of
Congress.


But instead of insisting on reforms to fix the problem, the Hill seems hell-bent on a
meat cleaver approach--cutting up to 5,000 jobs, most of them in systems.


The IRS' need to modernize its many systems hasn't gone away, nor has the need to get
software ready for the year 2000. So if the IRS is stumbling, why chop off a leg?


Someone has to do the work and get paid to do it. Clearly, contractors soon will be
lining up as the IRS is forced to outsource.


Yet there are some jobs that aren't totally suitable for contractors. Actual
painstaking coding for 2000 compliance is one of them. No outsider knows the code
intimately enough.


And this brings to light another downside of brainless meat-cleavering. When too much
of your institutional expertise walks out the door simultaneously, the ability to respond
to further change is seriously diminished.



inside gcn

  • security in the cloud (ShutterStock image)

    Cloud security is the agency’s responsibility

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above