Add cybersecurity to the list of things politicians have talked about for years and never get around to doing. Why? Our government has proved time and again that it has trouble with technology. When Uncle Sam gets involved with computers he has problems (see: Uncle Sam Is No Geek), a troubling thought considering the cyber attack warnings we are hearing.
Back in May 2009 the president made this stirring statement about America’s cyber future:
We meet today at a transformational moment – a moment in history when our interconnected world presents us, at once, with great promise but also great peril.¹
Turns out the moment was not all that transformational. It was just a reason to talk about infrastructure spending:
But just as we failed in the past to invest in our physical infrastructure — our roads, our bridges and rails — we’ve failed to invest in the security of our digital infrastructure.²
The administration’s Cybersecurity Coordinator is issuing warnings while making the case for new legislation:
In cases of cybersecurity incidents that can damage our critical infrastructure such as the electric grid or our financial, transportation, and communication networks – damage that can put our national security, public safety, and economic prosperity at risk – the Federal government must know what is happening so that it can take steps to bring adversaries to justice and help protect Americans.³
Did anyone bother to ask why the government does not already “know what is happening”? This is what taxpayers pay agencies like Homeland Security to find out. Do we need a new bill and the accompanying fanfare before federal departments can do their jobs?
Like immigration, infrastructure, improper payments and other election year favorites the cybersecurity issue is old. We heard warnings nearly a decade ago about our government’s problems with securing its technology. In 2003 the General Accounting Office cautioned:
Although improvements are under way, recent audits of 24 of the largest federal agencies continue to identify significant information security weaknesses that put critical federal operations and assets in each of these agencies at risk….4
When the president talked about cybersecurity in 2009 he made his usual allusions to spending, this time swapping the healthcare workforce with a digital workforce:
And finally, we will begin a national campaign to promote cybersecurity awareness and digital literacy from our boardrooms to our classrooms, and to build a digital workforce for the 21st century. And that’s why we’re making a new commitment to education in math and science, and historic investments in science and research and development.5
Harry Reid sponsored a cybersecurity bill in 2011 that echoed the president’s remarks. The Cyber Security and American Cyber Competitiveness Act of 2011 promised a lot more than security:
To secure the United States against cyber attack, to enhance American competitiveness and create jobs in the information technology industry, and to protect the identities and sensitive information of American citizens and businesses.6
Now we have a new cybersecurity bill (see note, below). Threatening Americans with death and destruction, the senators who introduced the bill explained that S.2105, the Cybersecurity Act of 2012:
… envisions a public-private partnership to secure those systems which if commandeered or destroyed by a cyber attack could cause mass deaths, evacuations, disruptions to life-sustaining services, or catastrophic damage to the economy or national security.7
The bill also brings a lot of bureaucracy to bear even though our government’s ability to use technology has consistently failed us. Warning of dangerous vulnerabilities in cyberspace, Janet Napolitano testified on behalf of S.2105 and issued her own call to action:
The time to act is now: to improve cybersecurity coordination, strengthen our cybersecurity posture, and protect all elements of our economy against this serious and growing threat, while protecting privacy, confidentiality, and civil liberties.8
Last year the Homeland Security Secretary did her part to demonstrate our government’s inability to cope artfully with technology. Perhaps Ms. Napolitano forgot about pulling the plug on the costly SBInet debacle, technology’s answer to securing the border (see: Homeland Security’s Southwest Border Fantasy). Maybe the problems of implementing E-verify slipped her mind, or the fact that illegal immigrants can trick our technology by simply forging their identity documents.
When the Centers for Medicare and Medicaid Services tried to cut down on fraud they estimated that their new systems, IDR and One PI, could save as much as $21 billion. How did that work out? A Government Accountability Office report found that … it was unknown whether IDR and One PI as implemented had provided financial benefits.9
According to Paymentaccuracy.gov, Medicaid boasted $21.9 billion in improper payments last year, and Medicare Fee-for-Service $28.8 billion. Unemployment insurance had $13.7 billion in bad payments and a 12% failure rate. The National School Lunch Program had a 16% payment error rate. With this kind of a track record, we deserve to know why Washington is unable to use technology to prevent wasting billions of tax dollars.
Before we indulge the demands of politicians to pass what sounds like a typically overblown election year boondoggle we should ask why Washington needs another cybersecurity bill for federal workers to protect our technology. If there really is a problem that could lead to mass death and requires immediate action, why has it been ignored until now? Taxpayers should demand to know how federal officials who have proved they are not able to cope with technology, manage costly projects, and work with the private sector without being fleeced think they can protect not only the government’s information systems, but partner with businesses to save us from the cyber world’s dark side. It would be less costly and more productive to ask Homeland Security to track down the terrorists and hackers we are being warned about and offer them enough money to come and replace the technology workers already on the federal payroll. At least we might have a fighting chance against the bad guys.
Note: GOP senators introduced an alternative cybersecurity bill, the SECURE IT Act, on March 1, 2012, after this post was published. The 2012 bill referred to is S.2105, introduced by Senator Joseph Lieberman and four cosponsors on February 14, 2012.