How not to respond to garden variety malware.


An article over at Ars Technica tells of the Economic Development Administration (a branch of the Department of Commerce) and what is so far the worst response to a possible malware infestation I’ve heard of this year: destroying $170,000+ in equipment. They didn’t destroy the rest (an additional $3m) because they ran out of money to destroy it. Go read the article, it’s a fascinating view into the mind of a very strange CIO. I’ll wait.

It’s really kind of disturbing that a division of the Dept of Commerce devoted to promoting “economic development in regions of the US suffering low growth, low employment, and other economic problems” has so much technological incompetence that they’d destroy hundreds of thousands of dollars of equipment, including mice, keyboards, monitors, and printers, to clean up... get this... SIX computers infected with garden variety malware.

Details at the link, but this paragraph pretty much says it all:

“EDA’s CIO, fearing that the agency was under attack from a nation-state, insisted instead on a policy of physical destruction. The EDA destroyed not only (uninfected) desktop computers but also printers, cameras, keyboards, and even mice. The destruction only stopped—sparing $3 million of equipment—because the agency had run out of money to pay for destroying the hardware.”

That’s right. They destroyed ONLY $170,000 in equipment because they ran out of money to destroy all of it.  Spending another $1m to rent replacement equipment only makes matters worse.

These are the people whose job is economic development. If they’re this inept at something as trivial as managing their IT infrastructure, how the hell can we have any faith in their ability to handle something as complex as economic development in depressed areas?



2 Responses to “How not to respond to garden variety malware.”
  1. Leon Jester says:

    LWJ2 wrote:
    Okay. CIO supposedly is the acronym for ‘chief information officer.’ Is s/he a stockholder in Dell or another manufacturer of business computers?

    Those who know me are aware that I’m a nerd, not a geek; but hell, **I** have more sense than that.

    I hope his/her job is put up for bid, I’m bidding on it. I’ve got a killer CV ready:

    Previously cleared, 22 years experience in medical imaging, 20+ in photographic imaging; familiar with several programs, survived three major changeovers; have never cost the government or any of my employers $1.17M.
    Salary requirements: $150k/yr. plus 4-passenger sedan and fuel; six year contract. Willing to take it on the chin for boss if contract fulfilled.

  2. scott says:

    I wouldn’t take that job if it paid $250k a year. CIO is almost all about politics and compliance now. CTO, on the other hand… That I’d take.

    I’ve been thinking and I can’t figure out why it costs so damned much to destroy the equipment. Pull the hard drives and send them off to somewhere to have them crushed (call any law office or accounting firm and they can tell you where to send them; ADP had two hard drive shredders in the office I worked at last year). Then you can just send the rest off to the recyclers or even find someone locally who will *pay* you to ‘dispose’ of the hardware. It’ll end up on eBay in a week, but hell, it’s gone and there’s no chance of data making it into the wrong hands.

    This whole story would be worthy of the Onion if it hadn’t come from the Govt’s own auditors.

    And these are the people charged with improving the economy? Really?