Get PJ Media on your Apple

The PJ Tatler

by
Bryan Preston

Bio

July 9, 2013 - 7:57 am

A day after President Barack Obama announced a “smart government” initiative to distract from his government’s abuses and wastefulness, there is fresh evidence that our government is in fact braid dead stupid. Ars Technica reports on the case of the Economic Development Agency. The EDA, a part of the Department of Commerce, got word that its computer systems had become infected with some malware.  Its response was the opposite of “Keep Calm and Carry On.” Its response was to panic, run around randomly, and destroy stuff.

EDA’s CIO, fearing that the agency was under attack from a nation-state, insisted instead on a policy of physical destruction. The EDA destroyed not only (uninfected) desktop computers but also printers, cameras, keyboards, and even mice. The destruction only stopped—sparing $3 million of equipment—because the agency had run out of money to pay for destroying the hardware.

The total cost to the taxpayer of this incident was $2.7 million: $823,000 went to the security contractor for its investigation and advice, $1,061,000 for the acquisition of temporary infrastructure (requisitioned from the Census Bureau), $4,300 to destroy $170,500 in IT equipment, and $688,000 paid to contractors to assist in development a long-term response. Full recovery took close to a year.

The full grim story was detailed in Department of Commerce audit released last month, subsequently reported by Federal News Radio.

It’s the cluelessness that’s most alarming about all this. As the report points out, the IT folks at the EDA had no idea what they were dealing with, so they went nuts and wrecked things that didn’t need wrecking. Those same IT folks have no idea what constitutes a real, bona fide threat to their systems. So they won’t see one coming. They’ll be too busy acid burning PC monitors and sledgehammering innocent mice.

Bryan Preston has been a leading conservative blogger and opinionator since founding his first blog in 2001. Bryan is a military veteran, worked for NASA, was a founding blogger and producer at Hot Air, was producer of the Laura Ingraham Show and, most recently before joining PJM, was Communications Director of the Republican Party of Texas.

Comments are closed.

All Comments   (6)
All Comments   (6)
Sort: Newest Oldest Top Rated
I managed a large IT dept of a major aerospace company in the past.
The REAL issue here is the total incompetence of the govt IT dept staff. What are they paid for? How much are they paid? What are their qualifications?

Follow the money. $1,500,000+ paid to OUTSIDE consultants for info that the agency's IT dept should have been able to do itself. Who were these contractors? What were their connections to agency management? Sounds totally suspicious to me.

Another tip of a scandalous iceberg in a government to large to manage and control.
40 weeks ago
40 weeks ago Link To Comment
There was a time I would have been utterly shocked by a story like this but that time passed a few years ago.

I was exchanging emails with a friend who is fairly senior in IT circles in one of the biggest Ontario government ministries. She mentioned that they were having a lot of excitement in the office that day as they dealt with a "Java virus". As someone who was programming in Java and knew that Java was carefully designed to be practically invulnerable to viruses, I was curious and asked for details.

Apparently, someone had received an email that a specific Java file was a notorious source of viruses and had noticed that exact file was on their computers. They had immediately panicked and started deleting files. Apparently, the whole IT department was in an uproar and there was a flurry of frantic activity. I asked her the name of the file and was immediately surprised to find that it was one I knew: it was the Java debugger component which was shipped as standard part of Java and was absolutely harmless. I got online and checked a few security sites and immediately determined that this was a known hoax. Symantec and other computer security companies had clearly established that the Java debugger was harmless; someone had simply circulated a completely bogus warning that it was dangerous.

I was struck by the irony of the IT department of a major government ministry not taking even the basic step of checking readily-available websites to determine if this was a real threat and not holding off on taking corrective action until they checked it out. I don't think it even occurred to them. As far as I could tell, they just ran around like the proverbial headless chickens in full panic mode.

I never heard the full extent of their panic so I don't know if they actually destroyed any of the hardware in their offices. I'd like to think that they merely wasted several hours of time and deleted a bunch of harmless files. But I really wouldn't put it past these people to do what their American counterparts did and actually start destroying computers, mice, and so forth.
40 weeks ago
40 weeks ago Link To Comment
The Great Plague was caused by rats carrying bacteria. Rats are related to mice and viruses are like bacteria. QED.

/bureaucrat
40 weeks ago
40 weeks ago Link To Comment
I am sure that this decision was made by someone or a committee and that this person/body was told that keyboards/mice/monitors do not have the capability of being infected with viruses and that person/body did not listen or that the person/body was not told that--I don't know what is worse.
40 weeks ago
40 weeks ago Link To Comment
If (and, practically, only if) it's a state-sponsored attack, a mouse could certainly be an attack vector, basically covertly enclosing an infected USB flash drive or other malicious USB device in addition to the pointing device.
40 weeks ago
40 weeks ago Link To Comment
Speaking as someone on the inside of gov't IT this craziness doesn't surprise me. There are two, very much opposed, mindsets at work at all times. First - when in doubt: Shut Down Everything!. Second - move everything to "The Cloud" even though we're not sure what it is today and have no means to insure information security.

For example: a few years ago my agency tried to set a policy that forbade employees from traveling with their personal cell phones when on official business (for fear they would be hacked). The next year they started looking into Bring-Your-Own-Device to connect to our internal network. Same people, brains not exploding.
40 weeks ago
40 weeks ago Link To Comment
View All