White House CyberSecurity - Jobs, Research, and Rhetoric, but Few Results
Richard Forno, 2001-12-12

The commitment by the federal government to further computer security research may be laudable, but it fails to address the root cause of most security issues: bad software.

Comments:
National Security Agency's Security-Enhanced Linux should be the foundation (2001-12-13), by seeing the forest thru the trees (1 reply)
NSA SELinux has nothing to do with this (2001-12-17), by Anonymous (1 reply)
NSA SELinux has nothing to do with this (2001-12-19), by Is there a "safer hex"?
White House CyberSecurity - Jobs, Research, and Rhetoric, but Few Results (2002-01-12), by Anonymous

I agree you can't trade a dollar for experience. Currently it's not; most security folks within the Government (starting at the highest levels) are people who have only the basic knowledge that the CD-ROM drive is not a cup holder. Most don't even have a college education, not that that by itself means intelligence. As far as professional certifications are concerned, the Government wants its employees certified, but it's difficult to keep the good ones that pass the exams when private industry starts holding the green carrot in front of them. But upper level management is not and will never be ready to deal with the lure from the private sector.

Let's not put all the blame on Clarke. I think there were some attempts during the Clinton Administration to corral information security. The problem was the "exceptions", the "extensions" and the "extraordinary". Government agencies recently received an "F" from GAO; that's down from the prior year. I realize that GAO raises the bar each year by a microcosm measurement which most if not all Government agencies can't keep up with. Hence, top level Government directors get exceptions, extensions and extraordinary awards for their attempts. (By the way, this is where a lot of that $233 million is going to be spent.) I've heard people say that if top level managers produced like they do in the Government they'd be on the streets. I guess our Government has either lowered its standards to keep what it can or has no idea how to measure a good manager from a good suck-up.

Clarke's proposal is that software vendors provide automatic updates to their products when problems are discovered. I think Clarke needs to read up on what's going on around him. There is a bill being tossed around in the Senate, co-authored (or dictated to) by Hollings and Stevens, called the Security Systems Standards Act. This bill will certainly put an end to the Clarke bill. Talk about one hand not knowing what the other is doing. Most advocates of Open Source find that measures within this new enlightenment will all but kill Open Source.

Plus, Microsoft is heading up the charge on ending what it refers to as Information Anarchy. What's so interesting about this is that some very renowned InfoSec companies are following suit with the big M$. By the way, apparently MS is getting so much harassment from someone that it moved or lost the page where Scott Culp rants about Information Anarchy. Apparently Steve Gibson's (Shields Up) documented conversation with MS's purported Security Gurus rubbed at the Gates domain where it's most vulnerable.

The only question I have is, where are they going to come up with all this money? And when they finally realize that the only way to reach these million dollar goals is to increase taxes, will there be a better accountability? Or did the Government hire all the Enron accountants as well?

Link to this comment: http://www.securityfocus.com/comments/columns/46/9829#9829