Everyone must be stupid. That’s the only conclusion possible in light of the recent report released by the General Accounting Office (GAO) on the lamentable state of U.S. government Web site security.
Certainly, the 24 government agencies reviewed must be stupid. The GAO report said they have “serious and widespread weaknesses” in spite of the fact that they were alerted to the problems by a similar negative report in 1998.
Nobody’s Perfect debt or fatten her monthly Social Security check.
Why haven’t radical environmentalists or money-grubbing polluters tampered with EPA files to advance their causes? Why haven’t anarchical college students, Colombian drug lords or Slobodan Milosevic brought down the Department of Defense? Stupid, stupid and really stupid.
Perhaps there is an alternative explanation.
In Defense of Geeks
My theory is that the weaknesses the GAO is so hot about are not so critical after all — they would either have been fixed by now or the sky would have long since fallen.
Now, I’m as willing as the next cynic to believe that politicians and government bureaucrats are so consumed with ulterior motives that they could conceivably put the country at risk through self-centered promotion of their own agendas. But those guys aren’t running the government’s computers.
The government’s computers are being run by computer technicians. As a class, they are highly trained, sometimes even brilliant, and often apolitical. Fortunately, you don’t have to be one to know that for the most part, they are very far from being stupid.
I am not proposing that those 24 agencies should thumb their noses at the GAO for another two years, but I am suggesting that the accounting office may well have gone a little over the top with its warnings and exclamation points — perhaps because it felt snubbed the last time it got hit in the head with a rock. Certainly, if the security breaches are anything like as serious as the report implies, the potential crises should be addressed in dimly lit underground chambers far from snooping ears or eyes, by high ranking officials entrusted with the safety of our nation — rather than broadcast in the media. If the weaknesses are more along the lines of nuisance holes that allow access to scoundrels like the hacker “Pimpshiz” — who broke into some government sites to spray cyber-graffiti on content pages — well, they should be fixed, but they shouldn’t assume priority over more pressing jobs that may need to be done. Like fixing the Y2K bug.