Report: US Government Worse Than All Major Industries On Cyber Security (reuters.com) 124
schwit1 quotes a report from Reuters: U.S. federal, state and local government agencies rank in last place in cyber security when compared against 17 major private industries, including transportation, retail and healthcare, according to a new report released Thursday. The analysis, from venture-backed security risk benchmarking startup SecurityScorecard, measured the relative security health of government and industries across 10 categories, including vulnerability to malware infections, exposure rates of passwords and susceptibility to social engineering, such as an employee using corporate account information on a public social network. Educations, telecommunications and pharmaceutical industries also ranked low, the report found. Information services, construction, food and technology were among the top performers. And we are supposed to trust them with healthcare? This report comes after President Obama recently unveiled a commission of private, public and academic experts to bolster the U.S. cyber security sector.
Can we turn the hyperbole down to 10? (Score:5, Insightful)
And we are supposed to trust them with healthcare?
Is beyond absurd. Anyone who read the slightest bit of the Affordable Care Act knows that it does not put government in charge of health care. In fact, it did almost exactly the opposite of that and gave the insurance industry - which was already disgustingly powerful - even more power. The only function of healthcare.gov is to connect the (now obligate) consumer with a company who will sell them a policy.
In other words the ACA is a license for the health insurance industry to print money. They quite nearly had it before, but now it has been fully formalized.
And we're supposed to trust 'em with *INSERT HERE* (Score:2)
Seriously.
Their security is so lax that if you CAN'T get at something, it's a mistake.
But they want us to trust them with ANYTHING and EVERYTHING?
Fuck that noise!
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
All that may be true but it does not alter the fact the government has had a great deal of new personal information placed in its hands thru operation of the exchanges and thru information sharing between insurers and the IRS.
While I think there are stronger criticisms to be made, the argument about information risk it poses is a perfectly valid one.
Re: (Score:2)
So, what does the CCIIO do if they're not in charge?
https://www.cms.gov/cciio/ [cms.gov]
Re: Can we turn the hyperbole down to 10? (Score:5, Insightful)
It's that many Democrats want to give control of healthcare to the government.
First of all, that is a pointless claim for several reasons. One, it is pointless because it won't happen. Two, it is a pointless claim because there are no democrats currently in Washington who are willing to propose anything that even slightly resembles an initiative to "give control of healthcare to the government".
Second, what do you even mean by "give control of healthcare to the government"? Even the most socialized of all medical systems still give the physicians at least as much autonomy as our system does.
In other words, you are just parroting standard slashdot conservative FUD.
Re: Can we turn the hyperbole down to 10? (Score:1)
I support single-payer which would give the government control over expenses. There's no reason to allow all of the ridiculous expensive tests we have now.
Re: (Score:1)
One, it is pointless because it won't happen. Two, it is a pointless claim because there are no democrats currently in Washington who are willing to propose anything that even slightly resembles an initiative to "give control of healthcare to the government".
I have two words for you: "Bernie Sanders"
Yes, I don't think he's going to win, but it isn't impossible. You don't think he wants single payer health care? How is that precisely going to work without the government pretty much owning it?
And, he's just the tip of that spear. Government is the solution to all of our problems, if you're young and can't see what the government does with just about every other program. Lack of security is just a minor annoyance compared to the bureaucratic cock-up that we'r
Re: Can we turn the hyperbole down to 10? (Score:5, Interesting)
One, it is pointless because it won't happen. Two, it is a pointless claim because there are no democrats currently in Washington who are willing to propose anything that even slightly resembles an initiative to "give control of healthcare to the government".
I have two words for you: "Bernie Sanders"
So which do you understand less well then, healthcare control, or Bernie Sanders? Clearly you don't understand either very well that you try to place the two in the same boat.
Let's establish an important fact here - especially since your comment is woefully lacking in facts. Single-payer health care does not mean the government tells your doctor what to do. It does not mean there is a bureaucrat in the office with you second guessing every decision your physician makes. What it does mean is that everyone has the same base level of care (which is currently a completely alien concept in the US) and the government sets the rates they will pay for certain things. You want other things? You can go buy them yourself.
More to the point though, Sanders can't pull off single payer, at least not any time soon. If the DNC would allow him to be the nominee (which they won't) he would wipe the floor with any GOP candidate in the general election (as every single national poll from every single polling group or company has shown). However, President Sanders would still encounter too much GOP opposition in congress to pull off single payer. He can't make it happen simply as a product of his own will.
The ACA is just the government doing what the government does best, fucking up
The ACA is the largest corporate handout in the history of government, period. With the ACA the federal government gave the health insurance industry a license to print money and made us all obligate consumers of their shitty products.
And no, this is about security, not physician choice
Indeed the article here is about security. However in classic slashdot conservative spin, the editor here editorialized it into a baseless attack on the government. The government gets plenty wrong without people making shit up out of nothing.
They also suck at bureaucracy
I'm going to conclude from that statement that you don't actually know any health care providers first hand. Every provider in the US right now spends a huge chunk of their time dealing with bureaucracy. They mastered it in med school - if not sooner - and they face it nearly every hour of every day now as a provider.
and also at not charging an arm and a leg for their services.
If you would set down your kool-aid for a moment and think about this problem you would realize that the physicians have little to do with what is charged for their services. These rates are mostly set by the health insurance industry and various costs that come from dealing with them.
Re: (Score:2)
Let's establish an important fact here - especially since your comment is woefully lacking in facts. Single-payer health care does not mean the government tells your doctor what to do. It does not mean there is a bureaucrat in the office with you second guessing every decision your physician makes. What it does mean is that everyone has the same base level of care (which is currently a completely alien concept in the US) and the government sets the rates they will pay for certain things. You want other things? You can go buy them yourself.
Sure, it does. Should we start looking at examples of real world single payer systems to see these very behaviors you say don't exist?
As to the "base level of care", that already exists. It's whatever you can get in an emergency room for free or Medicaid, if you qualify for the program.
If you would set down your kool-aid for a moment and think about this problem you would realize that the physicians have little to do with what is charged for their services. These rates are mostly set by the health insurance industry and various costs that come from dealing with them.
It really comes from the complete exclusion of the actual consumer of health care from the negotiation.
Re: (Score:2)
Even if you look at the fringe cases where treatment is exorbitantly expensive, the government will side with the doctor and then use its power of negotiation to get the pharmaceutical companies to lower their prices. They do this because they negotiate on behalf of all Canadians and no company is stupid enough to cut them selves from the entire Canadian market over one type of treatment that is an edge case.
So right here in your first paragraph, we see the Canadian government at some level exercising control over what health care is provided. Here, you claim the Canadian government is exercising monopsony power over the health care market. Since they are negotiating on behalf of the Canadian health care consumer, they are implicitly controlling what health care that consumer receives.
Why do i need to be involved in the negotiation? All i want is to be able to go to the doctor and get taken care of with a minimal personal expense. When the government bears the expense then it is their prerogative to lower costs by playing hardball with the suppliers to lower the costs of the medicine which they are better off doing because they have the weigh of our population behind them in the negotiations.
Because it's your health. I think I merely state the obvious that a lot of people would consume less health care if they were co
Re: (Score:1)
Re: (Score:2)
no democrats currently in Washington who are willing to propose anything that even slightly resembles an initiative to "give control of healthcare to the government"
Yeah, there is [berniesanders.com].
Normally I would oppose that kind of plan, because Medicare isn't that great, but realistically what we have now isn't that great, either.
Re: (Score:3)
no democrats currently in Washington who are willing to propose anything that even slightly resembles an initiative to "give control of healthcare to the government"
Yeah, there is.
Government does not control healthcare for medicare patients. What it does do is set the prices that they will pay for services; doctors are free to accept or reject those (by accepting or rejecting medicare patients). If tomorrow morning we woke up and found that every person in the US was covered by medicare the government would still not be controlling healthcare, as people would still be free to pay out of pocket (for things that medicare didn't cover or for providers who don't want to accept medicar
Re: (Score:2)
Government does not control healthcare for medicare patients. What it does do is set the prices that they will pay for services
Which is control especially given that they pay for some services and not others, and decide who can offer those services. Let us recall that the primary means of control by the federal government is through its funding. For example, tying highway funding to the states in the late 70s to establishment of 55 MPH as a speed limit. Another example is so-called "Title IX" regulations on gender discrimination in colleges which receive federal funding.
I notice several other means by which the federal governmen
Re: (Score:2)
Government does not control healthcare for medicare patients. What it does do is set the prices that they will pay for services
Which is control especially given that they pay for some services and not others
No, because the other services can still be offered. You are free to pursue any kind of health care you want - or none at all if you so choose - as a medicare patient. You just know that medicare will cover some things and not others. It is no different from private health insurance, and I have not heard anyone raise a stink about health insurance "controlling" health care.
and decide who can offer those services
Also no. The group that decides who can offer medical services is primarily the AMA, they decide what makes a person qualified as
Re: (Score:2)
No, because the other services can still be offered. You are free to pursue any kind of health care you want - or none at all if you so choose - as a medicare patient. You just know that medicare will cover some things and not others. It is no different from private health insurance, and I have not heard anyone raise a stink about health insurance "controlling" health care.
It's still control. I explained the mechanism by which the control works.
Also no. The group that decides who can offer medical services is primarily the AMA, they decide what makes a person qualified as a physician. The government will decide who they will pay to offer those services but that doesn't mean you can't go elsewhere. There are physicians in this country who don't accept medicare (and some who never have) and they make it through their careers just fine.
And who gave the AMA that power? State licensing boards. You're not thinking.
We have already seen so many exceptions carved out from that such that the regulation you mention is of nearly no consequence.
Saying that doesn't make it true. I already gave counterexamples. Malpractice lawsuits are another example for which so many exceptions have not been made.
First of all, no. They are free to use other hospitals and clinics if they so choose. They may have to pay for those on their own if they have no other health insurance, but they are not prevented from going to them. It is worth noting that in many areas the VA has programs set up that if they cannot get in to see a provider soon enough they will be a covered referral to go elsewhere.
Your objection is irrelevant to the matter at hand. It doesn't refute even a little the observation that the VA is another means by which the US government controls health care of its residents.
We've discussed this before.
Single payer is not government control of health care, period.
Which is 1984
Re: (Score:1)
and it would be impossible to throw out all the congresspeople who are owned by the insurance industry in any number of election cycles.
So you vote just to go through the motions, eh? Really, what is the point if it is so "impossible" as you say? What a goof!
Re: (Score:2)
and it would be impossible to throw out all the congresspeople who are owned by the insurance industry in any number of election cycles.
So you vote just to go through the motions, eh? Really, what is the point if it is so "impossible" as you say? What a goof!
There is only one representative and two senators who represent me in the federal government. At most I can vote for the representative and one senator at a time. If people who live in other districts prefer to be subjects of the insurance industry I cannot to anything about that. That is how democracy works.
Re: (Score:1)
Well, as long as you're not blaming the government or even the industry, it's all good. ACA won the Peoples' Choice award, twice.
Re: (Score:2)
Well, as long as you're not blaming the government or even the industry, it's all good.
Have you read to completion anything I have written here, ever? I rarely am not blaming the industry - especially the insurance industry. From my vantage point the health insurance industry is the most morally bankrupt industry of them all; I trust lawyers, used car salesmen, realtors, and stockbrokers all more than I trust anyone from the insurance industry. I have repeatedly pointed out that the fuckers from the insurance industry own our federal government and shoved the ACA down our throats to ensur
Re: (Score:1)
I rarely am not blaming the industry - especially the insurance industry.
Yes, exactly. For what? If they win the votes, why is it their fault if people fall for the con by electing their puppets? And if that is the case, what is the resolution? You won't change the law by reelecting them. Your choice...
Re: (Score:2)
Re: (Score:1)
And you live in a bubble of "the insurance industry is the problem".
Re: (Score:2)
Re: (Score:1)
You enable them by voting for politicians that take their money and protect their business. This is what your lesser evil game provides for you.
Re: (Score:2)
Re: (Score:1)
Your votes are what made it that way. Look in the mirror, boy!
Re: (Score:2)
Re: (Score:1)
Still keeping up with the lie, eh? I suppose that will be your template of excuses. The insurance companies appreciate your vote.
Re: (Score:2)
Re: (Score:1)
Obviously you have no idea since you're just lying, to cover up your own responsibility for voting for quid pro quo candidates... There are plenty of alternatives right there on your ballot, but you will vote for democrats that shill for the insurance industry. You clearly don't "hate" them as much as you let on. You're just putting on a show.
Re: (Score:2)
Re: (Score:1)
Your projecting your own characteristics onto me again... To be expected I guess, since you must deny the part you play to keep up appearances.
Now, for the viewing audience, feel free to point out anything in my previous post that was incorrect. Since most of us are already accustomed to your regular hand waving, we're not expecting much.
Re: (Score:2)
Re: (Score:1)
Well, you're back to lying to yourself then.
Re: (Score:2)
Re: (Score:1)
I have nothing to lose from watching you make a fool of yourself.
Yes, well, a fool rarely has anything to lose he hasn't lost already. So, stay safe in the middle of the herd.
Re: (Score:2)
Re: (Score:1)
You're still lying though, in the vain attempt to hide your own responsibility for the results... a simple follower of the crowd, living in denial.
Re: (Score:2)
Re: (Score:1)
Of course it is. Look at you! There's the reality right there
Re: (Score:2)
You are free to pursue any kind of health care you want - or none at all if you so choose - as a medicare patient. You just know that medicare will cover some things and not others. It is no different from private health insurance, and I have not heard anyone raise a stink about health insurance "controlling" health care.
The differences you're glossing over are voluntary participation and competition among providers, which are exactly the aspects a single-payer system would eliminate by definition. In the single-payer system you are forced to pay for coverage for a set of services selected by the government, whether you personally value them or not. Sure, you can pay out-of-pocket for services which are not in this set—but the funds you would need for those services have already been earmarked for other services you d
Re: (Score:2)
It sure as shit does control medicare patients. My 77 yr old mother has been through numerous surgeries over the last several years, and is in need of more. However, Medicare limits how much time she can spend in rehab after surgery to under 100 days. She's used that up, and has to wait for a cooling off period before re qualifying, in spite of being in dire need of surgery again. It's not the doctors controlling this, it's the fucking government.
Re: (Score:2)
My 77 yr old mother has been through numerous surgeries over the last several years, and is in need of more. However, Medicare limits how much time she can spend in rehab after surgery to under 100 days. She's used that up, and has to wait for a cooling off period before re qualifying, in spite of being in dire need of surgery again. It's not the doctors controlling this, it's the fucking government.
That is no different from what any insurance company would do. Health insurance is all about limiting access to health care and discouraging people from using it. If your mother was on a health care plan from a for-profit - and mind you she still could buy into one if she has the money - she would run into the same problem. Every plan on the market has some limits; some are just higher than others.
I'm sorry that your mother isn't happy with medicare, but she wouldn't be seeing anything better with a
Re: (Score:2)
Again, you stated that they don't control it, when in fact that is false. Your point about it being no different from an insurance company is irrelevant to what you claimed. "Government does not control healthcare for medicare patients".
And, while you may believe private insurance wouldn't be any better, that's at least debatable.
Re: (Score:2)
When I drive my car, I control it. My car does not have free will, it does not get to go anywhere other than where I want it to. It has no choices. If I was a horse owner I could say the same thing about a horse.
A medicare patient is not controlled in that way, nor is their health care. Yes, there are limits on what medicare will pay for them to do, but the patients are not prohibited from paying for other things them
Re: (Score:1)
Obamacare a step to "single payer" (Score:2)
If you told me 20 years ago, that a self-identified "Democratic Socialist" [wikipedia.org] (and a bona-fide Communist underneath [trevorloudon.com]) will soon have a fair shot at becoming President of the US, I would've dismissed it with the same derision... But today's youth does not care any more [washingtonpost.com] — the Socialism/Communism's 100 years of failure (and mass-murder [reason.com]) are not taught in schools.
Re: (Score:2)
You better be including all of the bullshit lawsuits brought by ambulance chasers. Ask any doctor how much they pay for insurance to cover that crap, and it all flows down. We also need to break the Insurance/hospital cartel.
So Hillary did the right thing? (Score:1)
She had an industry expert setup her server in her bathroom.
Re: (Score:2)
This. She didn't wait on slow government IT. She got stuff done.
Like protecting the embassy. Oh, nevermind.
Re: (Score:1)
So it might literally crap out?
Re: (Score:1)
There was a reason she installed the super flush kind of toilet, and it wasn't just to clean those tenacious skid marks either.
You want quality, you need to pay for it (Score:5, Interesting)
... And I'm not talking about writing large checks to companies that want to sell you something. They don't have your best interests at heart.
The issue is that anytime Joe Q Public hears of government employees making 6 figures he goes ballistic. He does this without any thinking or research about what a comparative job in the private sector pays.
People work in infosec in govt long enough to be attractive to $BigGovtContrator and then bail, get the real salary from the contractor and cash in. That's the game. There's probably a few honest folks who are trying to make things better, but they'll be undercut by the ones trying to give big sweet contracts to $BigGovtContractor in order to pad their parachute.
If we want govt to be effective we have to stop losing our pressure valve because someone working for the government is making more then we do.
And this is pretty much without respect to which country we're talking about. I'm not American but I work in infosec and I won't take a govt job here either. Tried it for like 6 months, saw the game and ran for private sector (no, not for $BigGovtContractor).
I know, not what you want to hear, and I expect to get modded down, but sometimes the truth hurts :)
Min
Re: (Score:2)
Government employees can make 6 figures. The problem is the law that says that no one in the federal government (other than POTUS/VPOTUS/Justices) can be paid more than a Congressman. And they capped their salaries at the low 6 \figures.
Re: You want quality, you need to pay for it (Score:2)
Citation please. And I ask as a govt employee who has a salary higher than any Congressman other than the Speaker of the House.
They have staff allowances, expense accounts and benefits that aren't available to others, but salary alone...
Top career officials at an agency like FDIC have a max salary of $260k. Congressman are paid $174k according to Wikipedia.
Re: (Score:2)
5 U.S.C. 5303(f) [cornell.edu]Limits base compensation to Level 5 ($148,700). Additional compensatory payments (locale based adjustments, etc.) may raise total pay to Level 1, what cabinet members make ($203,700) which falls between the Majority Leader's pay and the Speaker's pay
FDIC is a strange organization. They receive no money from Congress, and are therefore exempt from the rules on max payments.
Re: You want quality, you need to pay for it (Score:2)
You're misinterpreting that statute. For a quick example check out the SES pay rates, which go as high as $183k, which is the equivalent of Level II of the Executive Schedule.
https://en.m.wikipedia.org/wiki/Senior_Executive_Service_(United_States) [wikipedia.org]
Finally, that a look at USC 5305 which grants the President, they OPM, the right to set alternative pay schedules based on several factors.
This is used, for example, to pay certain positions at a much higher rate, such as doctors.
The financial services agencies (FD
Re: (Score:2)
The highest paying gov't job on the first page of USAJOBS [usajobs.gov] results was $300k, which I wouldn't call "low six figures". I work with several people who make more than Congressmen and my own salary is approaching that.
Re: (Score:1)
Re: (Score:2)
I won't argue that salaries don't have an impact, but I think there are bigger money problems. Namely that security is literally always the last consideration before a system is brought online. As a result security ends up becoming more about justifying leaving vulnerabilities open than fixing them. Fixing known security holes often involves changing the way a system actually functions and plenty of risk for lengthy down times and outages when things don't go smoothly. Better funding can mitigate a lot of t
Re: (Score:2)
There is a level of truth to this, but you need a base competency in-house to understand and champion the efforts.
Also, the general gripe of six-figure salaries in government isn't the base pay, it is all the benefits that are completely inconsistent with the private sector... while generally not being that much of a discount to private sector in salary.
Re: (Score:2)
Agreeing with parent here. Six figures in the D.C. metro area will barely get you a decent low level manager in private industry. It's expensive to live/work here. The government needs to at least be somewhat competitive if they actually want someone with a little bit of talent.
Follow the money... (Score:1)
Re: (Score:2)
In my case, I am a contractor ready to bail because my government sponsor, who is in a big role in a branch of military cybersecurity, is not motivated nor interested in anything that might take effort. Gotta protect his funding line and rice bowl.......
The lack of leadership combined with the bureaucracy has made me lose any faith that things will improve. I work with some people every now and then that are awesome, dedicated and motivated, but like me, they get tired of 'the fight' and take a job outsid
AstroTurf (Score:5, Interesting)
I always look at "reports" like these with a very skeptical eye because usually they have been produced for some company looking for a contract. As a 20 year DoD employee, I can tell you that neither my SIPRNET nor NIPRNET has been owned by anyone. Except the Chinese, but that's normal, right?
Re: (Score:2)
Except the Chinese, but that's normal, right?
If the Russians and Israelis don't also own these systems, it surely isn't normal?
However, it might be normal that you didn't notice the Russians :) :)
However, the Israeli Reality Distortion Field might have convinced you that their access to these systems was legit as if they were part of the five eyes
Re: (Score:2)
Failure is an option in government (Score:2)
Re: (Score:2)
There are no consequences to failing in government.
That may be true for political appointees and their cronies, but not for the typical government worker. The agency I worked for hired several IT workers who thought this was a "gubermint" job, did nothing when they reported to work, and were shocked to discover themselves unemployed in short order. Most of my coworkers are ex-military folks with zero tolerance for slackers.
Re: (Score:2)
Worker-bees are not the real problem. But there is only so much that worker-bees can do to keep the whole functioning and they are failing.
Re: (Score:2)
A failing administration usually turns into a pork-barrel for all involved as one of the later steps. That has already happened in the US. Next steps: full-blown police state, fascism, economic collapse, dark age, slow rebuilding. Maybe throw in a nuclear war to make things even worse.
Defending (Score:2)
against cyber security attacks, as opposed to perpetrating them.
I wasn't sure at first.
News Flash (Score:1)
Report: US Government Worse Than All Major Industries On [literally anything done by private industry]
Solution (Score:1)
They should put their email on a private server.
Yes, we trust them with healthcare (Score:5, Interesting)
FT-Summary: And we are supposed to trust them with healthcare?
The largest data-breach in American history was of Anthem(TM), a private health-insurance company.
Re: (Score:2)
So then perhaps one might conclude it better to not have insurance at all and pay for everything in cash? If we can't trust the government, or the insurance companies, then perhaps it's best to leave these middlemen out.
I'm not saying hospitals have never had a data breach but at least I'd minimize the number of places that my data can be stolen from. It also makes the attacks much harder. Instead of attacking a big insurance company, or a government agency, the people that want health records would have
Re: (Score:2)
The largest data-breach in American history
I'm not disputing this, but how are you measuring the "size" of the breach? Productivity lost? Highest profile? The total number of individuals affected? Or is a breach bigger if slightly fewer people are affected but in a more substantial way? I can think of many ways that the Sony breach was bigger, or the Snowden leaks, or the recently disclosed Panama Papers (though not "American").
Re: (Score:2)
The largest data-breach in American history
I'm not disputing this, but how are you measuring the "size" of the breach? Productivity lost? Highest profile? The total number of individuals affected? Or is a breach bigger if slightly fewer people are affected but in a more substantial way? I can think of many ways that the Sony breach was bigger, or the Snowden leaks, or the recently disclosed Panama Papers (though not "American").
Number of people affected, each of which could have had the entirety of their medical records copied.
Last I heard, it was traced back to Chinese hackers, who wanted to find out how the US had such a great – *cough* – healthcare system.
Anyone get the actual report? (Score:2)
The Reuters article has a link to the actual report:
http://info.securityscorecard.... [securityscorecard.com]
They have a form to fill out and they send a link to your email address for the download. No biggie there, we all have many addresses.
But they also demand your phone number. I'm not giving anyone my real phone number, wtf, and why would they even ask?
They haven't yet sent me a link.
Anyone seen the report? I'm curious to know what was their criteria for ranking. And, considering that unauthorized penetration testing is kind
Re: (Score:3)
The Reuters article has a link to the actual report:
http://info.securityscorecard.... [securityscorecard.com]
They have a form to fill out and they send a link to your email address for the download. No biggie there, we all have many addresses.
But they also demand your phone number. I'm not giving anyone my real phone number, wtf, and why would they even ask?
They haven't yet sent me a link.
Anyone seen the report? I'm curious to know what was their criteria for ranking. And, considering that unauthorized penetration testing is kind of a no-no, I'm even more curious as to how they obtained their data.
I poked around on their web site and stumbled across a scroll-up window link that downloaded the file directly, although the link did not say that.
http://blog.securityscorecard.... [securityscorecard.com]
Some of their criteria makes sense:
"SecurityScorecard identifies potential vulnerabilities in network security by identifying open ports and examining whether or not an organization uses best practices such as staying up-to-date with current protocols, or securing network endpoints to ensure external access to internal systems are
Public vs private (Score:2)
Aren't private entities more likely to keep data breaches quiet if they can, to avoid reputational damage or frightening the stockholders? They don't have to follow the same disclosure rules as the Government if personal data isn't involved and aren't necessarily subject to the same FoI laws.
That's the people that want backdoors (Score:2)
If they get them, does anybody seriously believe the keys to those backdoors will not be in the hands of state-sponsored and other hackers very soon after?
No motivation to ensure security (Score:2)
Compared to "all major industries", or indeed anyone who has skin in the game, government departments have very little at stake in the matter of computer security. I would be interested to see a list of all individual government employees and contractors who have been severely punished for failing to make IT systems secure. (Except that if such a list exists, it is almost certainly "Top Secret"). In really serious cases, the government tends to punish taxpayers by pretending to fine itself.
I suggest (Score:2)
Better healthcare analogy: how's the VA doing? (Score:2)
I wouldn't look at cybersecurity as a guide, but I would check how the government's doing with the Veteran's Administration (VA hospitals, etc.) as a guide to what future health care might look like.
Re: (Score:1)
Outcome of Lowest Bidder? (Score:2)
US Government trying to Lead By Example (Score:2)
You can't have it both ways. It's a binary choice. Sy
And who issued this report? (Score:2)
And what financial stake do they have in this?
mark
I call bullshit (Score:2)
This is obviously false. The US Gubmint is vast sprawling collection of agencies. Some parts of it have bad security. Other parts have very, very good security.
Federal, state, and local politicians & employ (Score:1)
What's the incentive for federal, state, or local politicians & employees to make their systems secure?
For someone in the private sector, there are incentives at all levels of the corporate hierarchy.
If your job description is security, a significant or catastrophic breach could lead to unemployment. If you're in management and your responsibilities include getting good security people hired and supplied with the tools they need, that breach could lead to unemployment. Top executives whose compensat
Re: (Score:2)
And then they will raise taxes to pay for more failures. On the other hand, it is pretty clear that the US still has some years and maybe decades of remaining functional lifetime. Hence there must have been worse examples in history.