Cybersecurity failings defy answers

Readers share their theories about why cybersecurity is so lousy in the federal government

If cybersecurity is so important and if so many security guidelines and solutions are readily available, why are federal agencies doing such a lousy job of protecting vital systems?

That was the gist of a speech given last month by Howard Schmidt, the White House's cybersecurity coordinator. It sparked a flurry of comments at

Schmidt offered his ideas for solving the problem, which include enterprisewide network intrusion detection and better math and science training in U.S. schools. Some readers responded to his recommendations, while others simply echoed his consternation.

Anony Mous picked up on Schmidt’s idea of raising a new security-savvy generation of technology workers.

“Get kids in high schools to set up their own school-specific social network servers, using Drupal or other open-source community software, as an extracurricular activity,” Anony Mous wrote. “Let them define the content and how it works. Let them deal with both the nitty-gritty details of running a system that could be vulnerable to attack and the content-level disputes over free speech vs. defamation and fraud.”

Outdated Ideas?

But several readers questioned Schmidt’s assumptions about intrusion-detection technology.

“Is intrusion detection/prevention even possible on such a diverse network as used by the federal government?” wondered CuriousIT. “Multiple operating systems, multiple versions of each operating system, multiple versions of browsers, differing requirements for managing ports due to the use of legacy software that was written when security wasn't even an afterthought. How do you wade through all the false positives? Mr. Schmidt is correct that something has to be done, but unless there [are] funding and teeth behind his statements, progress will be slow.”

“With the advent of cloud computing, social networking, mobile devices, etc., it is difficult to define the true perimeter of a network,” wrote Andy McEachron. “Network intrusion detection is becoming less effective. Host-based intrusion detection is becoming more important, more so when IPv6 begins to take hold.”

No Help for the Clueless

The root of the problem is that so few people in government really understand the issues, wrote Papa K. “Most nonsecurity types within the government don't have a clue. They think they know because they can spell 'security,' but they have no idea what they're doing. So no standard is going to help if they have no clue.”

Federal workers also get a lot of mixed messages, wrote RayW. “Let me see now: We need more security stuff. We need more Facebook and other 'social network' stuff. Riiiiiight.”

Bman was just happy to hear Schmidt talk in such frank terms. “It’s about time a cyber chief admits the shortcomings of the federal government in this area and makes an effort to fix them, publicly ensuring that things have been documented,” Bman wrote.

Concerned in Virginia, on the other hand, found the speech altogether disheartening. “If they're so excellent, why [isn't] the government's computer systems' security better? I've read a lot from ‘government cyber gurus’ that our systemwide computer network security is terrible; so then, why aren't they doing something to make it better, [rather] than blaming one another for failure?”

About the Author

John Monroe is Senior Events Editor for the 1105 Public Sector Media Group, where he is responsible for overseeing the development of content for print and online content, as well as events. John has more than 20 years of experience covering the information technology field. Most recently he served as Editor-in-Chief of Federal Computer Week. Previously, he served as editor of three sister publications:, which covered the state and local government IT market, Government Health IT, and Defense Systems.

