Editor's Desk | Unwanted bounty
- By Thomas R. Temin
- Jul 20, 2006
Thomas R. Temin
The government's table is straining from the weight of security lapses. The State Department got an old-fashioned hacking. A Veterans Affairs computer laden with data was stolen. NIH called in the cops on an identity theft ring. Agriculture, the IRS, Social Security and the Navy have joined the crowd.
Any large, far-flung institution is vulnerable to attacks on its information and systems. In the mainframe days, tapes moved from point to point in armored trucks. But somewhere around 1980 a knowledge worker discovered the power in VisiCalc and hauled his or her own 8-bit microcomputer to the office. That was like the big bang, shooting data and computing into ever-larger spheres.
It is not clear whether the recent spate of security breaches is really a trend or agencies are reporting things more. But the Office of Management and Budget response is predictable: Review policies and strengthen controls.
This shouldn't be news, but it is.
For most people, IT security is a daily, slightly intrusive, in-your-face reality. Two examples:
A gym rat friend of mine works for a big, three-letter government contractor. He was complaining the other morning, between stomach crunches, about his employer's multi-multilayer security measures; how if everything isn't just so, his supervisor's boss calls with warnings.
Earlier this month I attended, with my son, freshman orientation at a Big 10 university. Staff wasted no time indoctrinating everyone into the strict network security policies. If the system detects a virus when you log on, you get cut off then and there.
For such organizations, IT security is a shared responsibility among all who use and depend on the network resources.
This is especially urgent for the government, because evidence is mounting that attacks are coming from countries that, even if friendly, are economic competitors. That's to say nothing of terrorist groups.
Policies and procedures are a burden, but so are consequences.