My Point of View

Oct. 22, 2010
When it comes to security, the feds keep 'em laughing

Will Rogers once said that he was thankful we citizens did not receive all the government we were paying for. It's hard to argue with him. It seems that no matter how hard the government tries to initiate programs it perceives as useful, they seldom hit their intended mark.

But you have to give the Federal government credit - they do keep trying. But even the Feds realize you can't make everyone happy. Given the volatile state of the economy, the war in Afghanistan, high unemployment, the failing mortgage market, heightening terrorist threats and the impending grassroots revolt against incumbent politicians, Washington, D.C. can be a lonely place.

In the spirit of Will Rogers, what's a Federal agency to do? Easy - make them laugh. That's right, your tax dollars at work. It seems the Department of Treasury was having a difficult time keeping a happy face last year, so it solicited professional help for its Bureau of the Public Debt. No, it's true. You can't make this stuff up. If you don't believe me, here is an excerpt of the original solicitation for services dated July 9, 2009:

Solicitation Number: RFI-BPD-09-0028 Notice Type:

"The purpose of this announcement is to seek qualified contractors with the capability to provide presentations for The Department of Treasury, Bureau of the Public Debt (BPD)... The Contractor shall conduct two, 3-hour, Humor in the Workplace programs that will discuss the power of humor in the workplace, the close relationship between humor and stress, and why humor is one of the most important ways that we communicate in business and office life. Participants shall experience demonstrations of cartoons being created on the spot. The contractor shall have the ability to create cartoons on the spot about BPD jobs. Upon completion of the course, participants shall be able to:

- Understand the importance and power of humor in the workplace in a responsible manner
- How to use talents in a creative way that adds humor to everyday experiences
- Alleviate stress in home and the office
- Know how and why humor is important to communication
- Improve work-place relationships
- Prevent burn-out"

Unfortunately, it also appears the Feds sent in the clowns when they created the Federal Information Security Management Act (FISMA) almost a decade ago. Critics claim that it has done little to create the strategic cyber-security roadmap the Federal government so desperately needs.

The debate has raged over how the government protects its computer networks, with critics arguing that the Office of Management and Budget should focus less on complying with cyber-security processes and more on monitoring and conducting tests to learn how their systems withstand break-in attempts.

In the last six years alone, the State Department has spent $133 million amassing close to 100,000 pages of certification and accreditation documentation for nearly 150 major information systems. The electronic working files that support and track these processes house more than 18 gigabytes of documents and some 33,000 working files. And that information overload does not include the State Department's databases for tracking inventory, plans of action and vulnerability and monitoring reports.

FISMA was enacted eight years ago with the intent to set statutory requirements for information security in executive branch agencies. To combat the incredible government waste it has created since then, a new tool was unveiled this spring to take the focus away from regulatory compliance and snapshot-based reports that have cost agencies billions without addressing the real-time vulnerabilities of their networks. Unfortunately, this new tool - CyberScope, an interactive data collection platform for reporting FISMA requirements to DHS - seems to be confounding more agency CIOs and CISOs than it is helping. Although federal Chief Information Officer Vivek Kundra boasts that CyberScope's metrics will be focused on game-changing ways that can address real security, his audience is not buying it.

Despite the fact that all agencies are to have CyberScope implemented within the next 60 days, a just-released report conducted by MeriTalk and underwritten by ArcSight, Brocade, Guidance Software, McAfee, Netezza, and immixGroup, revealed that as of July, 85 percent of the 34 Fed security leaders have not even used the tool because they either do not understand it or do not know how to use it.

To conclude, another Will Rogers quote seems appropriate: "I don't make jokes. I just watch the government and report the facts!"

If you have any questions or comments for Steve Lasky regarding this or any other security industry-related issue, please e-mail him at [email protected].