The United States government employs more than 2 million non-military personnel. That’s roughly the population of New Mexico. If you’re saying, “Wow, that’s a lot of folks,” you’d be right. Based on a report recently released by the Inspector General of the Department of Defense, as a tax-paying citizen you’d think that from a universe of that size they might be able to find a couple with a background in data center security, but apparently that isn’t the case. While a lack of security within any area of the government is disconcerting, when we’re talking about an open-door policy surrounding our country’s missile defense system, “disconcerting” is kicked up a few notches to deeply disturbing. Or as one analyst said, “scary and alarming.”

Unfortunately, for those of us who believe missile defense systems are supposed to, you know, defend, there is no one big security issue to be resolved to provide us with a missile shield of which we can be proud. As is so often the case in these government-related issues, it’s hard to discern where negligence leaves off and incompetence begins.

According to the report, the issues that erode the sanctity of the bulwark of our national defense include issues ranging from unlocked doors to unpatched software vulnerabilities, including one that dates back to 1990. Apparently, the last COBOL programmer on staff has retired to parts unknown. Other noted instances referenced in the report include unlocked server racks, broken door sensors, and an environment of acceptance so unquestioning that one woman wandered around a facility with no badge. Despite her lack of credentials, the woman did note that the employees she asked for directions were all polite and helpful — “I’d like to disable all of this site’s launch capabilities. Could you please direct me to the correct server location?” “Sure! Down the hall and make a left at the ladies’ room. You can’t miss it. Have a nice day.”

While politeness is a quality lacking in many of our government employees, allowing unidentified personnel to romp through a data center facility that helps support our nuclear arsenal is a definite sign that there has been a breakdown in enforcing protocol. In other instances noted in the report, the sheer size of the government organizations involved introduced an unhealthy level of jurisdictional confusion. In other words, someone assumed that somebody else was responsible for security so, “I’m not going to worry about the three guys with guns that duct-taped a group of technicians to their chairs.”

Fortunately for those delegated with the responsibility to secure the defense systems that guarantee our safety, the standards for performance are a little lower than in the private sector. As one commentator on the report noted, “Many of these failures would get someone (in the private sector) fired.” But then again, isn’t job security one of the benefits of working for the government? Still, one has to wonder — if leaving aspects of important weapon systems open for exploitation by less than friendly foreign governments isn’t grounds for termination, what do they talk about during annual employee reviews? Maybe they take a “no harm no foul” approach as long as a North Korean KN-02 doesn’t land in the President’s front yard.

One can argue that with a workforce of over 2 million people the federal government is too big*, but is it too demanding of us to expect them to be competent at their jobs? Hopefully, the release of the Inspector General’s report will result in the Department of Defense launching an intense effort to correct the security holes that characterize the country’s missile defense efforts. But even if they do, does that make us more secure? Are things like the effectiveness of missile systems really more a function of the people who support them whether they are Russian, Chinese, North Korean, or us? Maybe what our security really depends on is the hope that the incompetence of the data center employees of our enemies exceeds that or our own.

* It is!