They are either up to scratch or not. Sounds like not.
Washington DC has been hit with yet another discouraging assessment of the Uncle Sam's IT management and security practices. The bi-annual grading of federal organizations [PDF] was released this week, and, by and large, they show America's government bureaucrats have a lot of work to do when it comes to securing, updating, …
Nope, not fap-off but budget increase and personnel all in the name of 'we're going to make it better!!" Reality will be bloat, more restrictive rules for those they serve and bunch more federal employees eagerly awaiting their retirement.
I'll give you an upvote for trying though.
Both Homeland Security and NASA have seen budget increases in the past couple of years. The DHS in particular - locking up children, conducting dawn raids on immigrants, putting up hundreds of Secret Service agents at every major golf course in North America... none of these things come cheap, you know.
Sounds like the best way to improve your security rating is to give the CIO loads of authority and make sure you don't ever stiff any private business of any payment they might be owed. Nothing about keeping IOT junk out of the operation. Nothing about demanding vendors not spy on the government. Nothing about standards compliance. Things like HIPPA (patient medical data) and FIOA (Freedom of Information Act). I suspect some of that is actually reflected in the report even though the Reg chose not to highlight it.
Anyway, my guess is that this report tells no one anywhere anything meaningful about government agency security. And my bet is that the security problem is so tough and best security practices are so inadequate that government security practices (outside the military and intelligence areas) are on a par with private industry. Pretty much a total, across the board, failure.
I don't imagine a bunch of scientists at NASA give a toss about this kind of tickbox-exercise.
Not that this is about them: it's their management structures. Do those change every six months or so in response to the latest fad? If yes, there's your problem. If no, who are you going to convince to respond to a report like this?
NASA's problems start with the fact that administrators are often not spaceflight or aeronautics supporters.*
the problem is made almost infinitely worse because every Senator, Representative and President endlessly tries to micromanage** NASA as to what space missions to undertake and which state gets to supply parts.
and none of the micromanager wannabes care about aeronautics or NASA's education programs.
* Charles Bolton, the previous (unless that's changed again) administrator is an ex-astronaut was a modern exception.
** usually via funding threats.
Giving a department a B- rather than an A+ simply because their reporting structure is slightly different to the one the politicians want seems a 'fingers in pies' approach to oversight.
There is no question or answer as to whether the existing reporting method works, is efficient or is effective just that it's not what the overseers wanted to see, which in itself may a be poor, inefficient and ineffective management solution. That is straight micro management.
Yes well security is . . Oh My God look : hackers in Russia !
Oh God there are also hackers in China !
And look : hackers in North Korea !
We're being hacked, I tell you ! Run and scream like headless chickens !
After decades working for multiple Government Departments and Agencies that put NPCs in charge I'm neither surprised or hopeful.
These people are interested in their Careers, power and signaling.
It's unfortunate but if they really cared we wouldn't be tumbling towards a Linux Cloud under a M$ sky.
Biting the hand that feeds IT © 1998–2020