Some people may find it strange that the Defense Department, which helped create the internet, is having so much trouble securing its networks. Those people have not seen this mind-numbing, 2-foot-long chart, outlining the 193 documents that govern the activities of the Pentagon's geek squads.

Developed by the DASD CIIA (that's the Deputy Assistant Secretary of Defense for Cyber, Identity & Information Assurance), the goal of the chart is to "capture the tremendous breadth of applicable policies, some of which many IA practitioners may not even be aware, in a helpful organizational scheme."

And what a breadth it is: dozens and dozens of directives, strategies, policies, memos, regulations, strategies, white papers and instructions, from "CNSSD-901: National Security Telecommunications and Information Security Systems Issuance System to "CNSSP-10: National Policy Governing Use of Approved Security Containers in Information System Security Applications to SP 800-37 R1: Guide for Applying the Risk Management Framework to Federal Information Systems.

Obviously, operating networks for the millions of people who make up the world's largest military is no simple task: The financial, legal, organizational and technical issues are nothing short of staggering. On the other hand, the hackers trying to break into those networks don't have to check 193 different policy documents before they launch their malware. It's hard not to think that gives the attackers an edge.

See Also: