The United States government employs more than 2 million non-military personnel. That’s roughly the population of New Mexico. If you’re saying, “Wow, that’s a lot of folks,” you’d be right. Based on a report recently released by the Inspector General of the Department of Defense, as a tax-paying citizen you’d think that from a universe of that size they might be able to find a couple with a background in data center security, but apparently that isn’t the case. While a lack of security within any area of the government is disconcerting, when we’re talking about an open-door policy surrounding our country’s missile defense system, “disconcerting” is kicked up a few notches to deeply disturbing. Or as one analyst said, “scary and alarming.”
Unfortunately, for those of us who believe missile defense systems are supposed to, you know, defend, there is no one big security issue to be resolved to provide us with a missile shield of which we can be proud. As is so often the case in these government-related issues, it’s hard to discern where negligence leaves off and incompetence begins.
According to the report, the issues that erode the sanctity of the bulwark of our national defense include issues ranging from unlocked doors to unpatched software vulnerabilities, including one that dates back to 1990. Apparently, the last COBOL programmer on staff has retired to parts unknown. Other noted instances referenced in the report include unlocked server racks, broken door sensors, and an environment of acceptance so unquestioning that one woman wandered around a facility with no badge. Despite her lack of credentials, the woman did note that the employees she asked for directions were all polite and helpful — “I’d like to disable all of this site’s launch capabilities. Could you please direct me to the correct server location?” “Sure! Down the hall and make a left at the ladies’ room. You can’t miss it. Have a nice day.”