by Mike Masnick

Filed Under:
computers, state department

State Department Spent $1.2 Billion On An Asset Monitoring System... That Ignores All Non-Windows Equipment

from the julian-assange-agrees dept

We just wrote about a GAO report showing how the Defense Department is somewhat incompetent at dealing with online threats. Of course, it's not clear that anyone else in the government is any better. The GAO is back with yet another report, dinging the State Department for its dreadful computer security monitoring program. In this case, it's talking about threats to the State Department's network, rather than to third parties. And while the State Department spent a whopping $1.2 billion of taxpayer money on a fancy computer system, called iPost, to monitor everything, it turns out that it only works on Windows machines:
But the iPost service only covers computers that use Microsoft's Windows operating system, not other assets such as the roughly 5,000 routers and switches along State's network, non-Windows operating systems, firewalls, mainframes, databases and intrusion detection devices, GAO auditors said.
I mean, this is the kind of stuff that makes you shake your head in disbelief. Somewhere in the process of building a $1.2 billion system, no one thought to point out that there are more computer assets than those that run Microsoft Windows? Really? Someone seriously deserves to be fired.

Also, for the Windows computers where you can install it, it appears that the system barely works.
For instance, iPost tools did not always scan computers when scheduled, or they created false positives that had to be analyzed and explained. One scanner vendor failed to update its technology to detect the latest, most common vulnerabilities. And tools manufactured by different suppliers produced disparate scores that staff then had to interpret and modify.
Apparently, all of this is leading to confusion where people don't even know who's responsible for what.

So can someone explain why the federal government is coming down so hard on Bradley Manning, rather than taking some of that energy and focusing on securing the State Department's computers? Honestly, from the sound of things, you have to imagine that lots of people (including tons of foreign spies) long ago broke into State Department computers and had access to all of this info, based on reports like this. If anything, it makes you wonder if the Wikileaks leak may help get the State Department to better secure things.

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Morgenstern, 11 Aug 2011 @ 1:11pm

    Still doesn't make Windows any better

    Ah, but therein lies the difference between security on a Windows and on other systems. Microsoft cannot respond quickly enough to patch needs because it has to develop them in-house, whereas Linux systems rely upon a community of people to plug the holes the moment they appear. This means that Windows is more vulnerable because it's security design is inherently flawed and rooted in a proprietary non-open source model.

    Admittedly, Windows 7 is a better offering security-wise than other Windows systems, but it still pales in comparison to a basic Linux distro that comes with a firewall and locked root privileges by default. Add in the "no know viruses" carrot, and the choice is clear.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.