It is hard to grasp just how foolish the US Federal government can be. Let’s look at the fundamentals. There is a clearly identified deficiency in network and computing security within the US federal government. This lack permeates every agency, regulatory body, and department, even down to State and local levels. It has been documented over and over by the GAO and has been made evident by the revelations of continuous break-ins by hackers, criminals, and foreign national military organizations, such as China’s Red Army. Just as the problem is clearly defined the solution is clear: simply, systematically, starting from the ground up, institute good security practices. I know what these practices are, half my readership knows what these practices are, if you don’t know them just ask, we can help.

But no, simple problems in government don’t get simple solutions, they get massive new initiatives, re-shuffling of reporting structures, and huge budgets – reportedly the Bush administration is building a cyber-security legacy that will cost $30 billion over the next seven years. This Cyber Security Center is secret. There will be no Congressional oversight; there will be no industry input, and, most worrisome, there are hints that the NSA will have a big part in it.

Does it annoy you as it does me every time you hear an official talk about government-private industry cooperation in security? I have worked with thousands of private industry security people over the last ten years. They know what they are doing. Many of them have very secure environments. Few of them have had to shut down their email servers for a week while they root out Chinese Red Army hackers as the Pentagon did last summer. The private sector is keeping up; which is much more than can be said for the public sector.

The news today is that a leader has been chosen for this new initiative. Or rather, a “coordinator”: Rod Beckstrom, author of a book titled The Starfish and the Spider: The Unstoppable Power of Leaderless Organizations. Is this supposed to be irony? Humor? Let me check the calendar, no it is still a couple weeks shy of April 1st.

This is the government we are talking about. This is the military we are talking about. Leaderless organization?? The military is the definition of the top down leadership organization. The entire recruiting, training, education, and environment of a military organization is supposed to breed leaders. I find this appointment so laughable because the single factor missing from any effort to straighten out the government’s security issues is leadership.

The security situation within the US Federal government is unacceptable. I have come to believe that it will not be solved without ruthless action. Meddling with the private sector must be put aside while the military and the other agencies put their respective houses in order.

What do I mean by ruthless? How about this? Immediately demote every single member of the military who is involved directly in Information Technology. They have failed their duty to protect the vital assets that have been entrusted to their guardianship. Make re-instatement in their former rank contingent upon securing their operations. Give them deadlines for passing some rudimentary security checks. If they fail to meet those deadlines demote them again.

See what I mean by ruthless? See what I mean about needing leadership? This takes someone with at least the title Commander in Chief to institute. Are we not in the process of choosing a leader even now? There is no need for an additional $30 billion in funding and a secret organization to spend it. There is no need to put our top spy agency in charge of security. There is no need to create anything at all for the private sector, although the private sector could help the government considerably.

This is a serious situation. Security deficiencies have been identified over and over. Nothing is being done. It is time for serious leadership.