by Mike Masnick

Filed Under:
computers, state department

State Department Spent $1.2 Billion On An Asset Monitoring System... That Ignores All Non-Windows Equipment

from the julian-assange-agrees dept

We just wrote about a GAO report showing how the Defense Department is somewhat incompetent at dealing with online threats. Of course, it's not clear that anyone else in the government is any better. The GAO is back with yet another report, dinging the State Department for its dreadful computer security monitoring program. In this case, it's talking about threats to the State Department's network, rather than to third parties. And while the State Department spent a whopping $1.2 billion of taxpayer money on a fancy computer system, called iPost, to monitor everything, it turns out that it only works on Windows machines:
But the iPost service only covers computers that use Microsoft's Windows operating system, not other assets such as the roughly 5,000 routers and switches along State's network, non-Windows operating systems, firewalls, mainframes, databases and intrusion detection devices, GAO auditors said.
I mean, this is the kind of stuff that makes you shake your head in disbelief. Somewhere in the process of building a $1.2 billion system, no one thought to point out that there are more computer assets than those that run Microsoft Windows? Really? Someone seriously deserves to be fired.

Also, for the Windows computers where you can install it, it appears that the system barely works.
For instance, iPost tools did not always scan computers when scheduled, or they created false positives that had to be analyzed and explained. One scanner vendor failed to update its technology to detect the latest, most common vulnerabilities. And tools manufactured by different suppliers produced disparate scores that staff then had to interpret and modify.
Apparently, all of this is leading to confusion where people don't even know who's responsible for what.

So can someone explain why the federal government is coming down so hard on Bradley Manning, rather than taking some of that energy and focusing on securing the State Department's computers? Honestly, from the sound of things, you have to imagine that lots of people (including tons of foreign spies) long ago broke into State Department computers and had access to all of this info, based on reports like this. If anything, it makes you wonder if the Wikileaks leak may help get the State Department to better secure things.

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Mr. Smarta**, 11 Aug 2011 @ 9:28am

    Nobody will get fired...

    Nobody's going to get fired. This sort of work was done by contractors who were hired to handle the Windows side of things, but either there was no contracting team to handle the "other" operating systems or somebody felt those were perfectly secure because they aren't "Windows". RedHat is most likely covered under the RedHat company, Solaris and databases for Oracle, routers and switches for Cisco.

    *nix systems are often wrongly assumed to be perfectly secure, which they aren't. The only computer immune from internet attacks is one that isn't connected to the internet (e.g. has no network capability like no wireless or NIC card, and even then that's suspect).

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.