Monday, October 24, 2005

An "Activist Judge" Gets Security Right

I don't know if U.S. District Judge Royce Lamberth fits the current definition of "activist judge" but he recently acted in what I consider to be an admirable way by pro-actively preventing computer security problems. On October 20 he ordered the U.S. Interior Department "to disconnect from the Internet all computer equipment holding data related to trust accounts it manages for American Indians, a decision that could cripple large sections of the agency's computer network."

While this is only the latest in a long saga of actions and responses between Judge Lamberth and the Interior Department, it is a timely reminder of what life would be like if networks were not allowed to be connected to the Internet unless they could prove, to the satisfaction of independent experts, that there were secure. In the latest security review "investigators testified they would give the department's computer security an 'F' grade or "one notch lower than an 'F' ... a 'G.'"

But that is not the most alarming fact in this story. The failing grade came after the department had spent $100 million on security improvements.

And for those who think government agencies are, by their nature, wasteful and incompetent, I am willing to bet there are Fortune 500 companies out there that would fail the same test.

Stephen

No comments: