White House Issues Memo to NSA and DoD to Improve Security

It is no secret that the NSA and DoD (Department of Defense) and other Government agencies have an issue with security. Over the last few years their security has been about as effect as using a sieve to carry water. The top 10 list of security faux paus include such wonders as the Snowden leak and the OPM breach. However, when I see the White House (any administration) send out memorandums telling Government agencies to tighten up security I laugh a bit.

Think about the hilarity of agencies that have almost unlimited budgets and are responsible for some of the most important secrets not doing the right thing where security is involved. The fact that is takes a not from Dad and Mom to get them to follow common security best practices is just ludicrous. Yet that is what has happened. The Executive Branch has instructed the NSA, DoD, and others to start adopting security practices that are in place at the private business and federal civilian level.

This comes as we also hear information about State Level attacks directed at the Ukraine and after years of being told by industry experts that US infrastructure services and departments responsible for National Security were at risk. Instead, we saw the Government focus on things like Copyright and pushing the agenda of the MPAA and RIAA. Let’s not forget the Cyber Intelligence Security and Protection Act. We were told that these misguided efforts were all about protecting national security and US IP (you know how important of a national secret movies are).

This is not to say that they should not be trying (they should), just that these efforts often come too later and from the wrong direction. They appear to be best at showing they are doing something even if that something is really nothing or at worst it will mean more intrusive efforts to gather personal data. These types of measures often have a negative effect on overall security because any openings or collection of data can be found and compromised by a threat actor.

This move by the White House is not the first and it will not be the last. Every time we see a large scale incident there is a move like this. The big companies all go to Washington and have a conversation about how they are going to improve and do better, then in the end those same companies will go back and do what they have always done and the agencies that really need to change things will go back and do the same. As there is no real accountability in either sector, nothing will change.

Log4Shell, Sunburst, Heartbleed, these are becoming the rule and not the exception. A Memo is not going to put a stop to that.

No comments

Leave your comment

In reply to Some User