We need a bullshit icon.
Because I'm smelling it from reading the article. In lieu of that, I'm using the "Esc" icon, due to the suspicious brown substance in the pic.
So what bit of the article enraged me? A little bit of this.
"Marine Corps Gen. James Cartwright, vice chairman of the Joint Chiefs of Staff, said the Pentagon must shift its thinking on cybersecurity from focusing 90 percent of its energy on building better firewalls and only 10 percent on preventing hackers from attacking U.S. systems."
The thought's ok - 90% spent on firewalls is excessive. But I think he misses the point. _Physical security_ is a far better answer, as many commenters have pointed out already. Have your databases in separate networks from the web, and limit access to those who need it. And do those machines have USB ports? If so, remove them, because it's an easy way for spies to get at secrets. Firewalls should be completely redundant.
However, my real scorn goes to this comment.
"Cartwright said most viruses are only a couple hundred lines of computer code, but the patches to fix the holes they exploit can run into millions of lines of code."
Oh my fucking god. Either the General is lying (because the patch should be a couple of orders less in lines of code), or the code has more holes than Swiss cheese. And how likely is it that those millions of lines of code introduce a few other unintended vulnerabilities along the way? (We are talking about patches written by tax-paid-out defense contractors, aren't we, rather than third-parties like OS and anti-viral manufacturers? It's not clear from the article, but that's the sense I get.)
Here's an idea, General. In addition to the physical security mechanism already used, how about using the security features that come with the OS - access control lists and user permissions? That should restrict the freedom for viruses to damage your systems. Oh, and don't forget about disabling AutoRun.
And if your systems still need millions-of-lines patches afterwards because the Bride-of-the-son-of-Conficker comes along, then your code is shit, as are the defense contractors that wrote it. Sack them. Alternately, if the access control lists and the user permissions _break_ their software, sack them and bill them for wasting government money. A bit extreme, but the US Government needs all the cash they get at the moment.
Course you won't do that, General. A man's got to think of his retirement, and what's better than a well-paid sinecure in a defense contractor's board of directors? Sacking contractors would make waves, and you don't do that in Washington, do you?