Skip to main content

US agency baffled by modern technology, destroys mice to get rid of viruses


 

The Economic Development Administration (EDA) is an agency in the Department of Commerce that promotes economic development in regions of the US suffering low growth, low employment, and other economic problems. In December 2011, the Department of Homeland Security notified both the EDA and the National Oceanic and Atmospheric Administration (NOAA) that there was a potential malware infection within the two agencies' systems.
The NOAA isolated and cleaned up the problem within a few weeks.

The EDA, however, responded by cutting its systems off from the rest of the world—disabling its enterprise e-mail system and leaving its regional offices no way of accessing centrally-held databases.
It then recruited in an outside security contractor to look for malware and provide assurances that not only were EDA's systems clean, but also that they were impregnable against malware. The contractor, after some initial false positives, declared the systems largely clean but was unable to provide this guarantee. Malware was found on six systems, but it was easily repaired by reimaging the affected machines.
EDA's CIO, fearing that the agency was under attack from a nation-state, insisted instead on a policy of physical destruction. The EDA destroyed not only (uninfected) desktop computers but also printers, cameras, keyboards, and even mice. The destruction only stopped—sparing $3 million of equipment—because the agency had run out of money to pay for destroying the hardware.
The total cost to the taxpayer of this incident was $2.7 million: $823,000 went to the security contractor for its investigation and advice, $1,061,000 for the acquisition of temporary infrastructure (requisitioned from the Census Bureau), $4,300 to destroy $170,500 in IT equipment, and $688,000 paid to contractors to assist in development a long-term response. Full recovery took close to a year.
The full grim story was detailed in Department of Commerce audit released last month, subsequently reported by Federal News Radio.
The EDA's overreaction is, well, a little alarming. Although not entirely to blame—the Department of Commerce's initial communication with EDA grossly overstated the severity of the problem (though corrected its error the following day)—the EDA systematically reacted in the worst possible way. The agency demonstrated serious technical misunderstandings—it shut down its e-mail servers because some of the e-mails on the servers contained malware, even though this posed no risk to the servers themselves—and a general sense of alarmism.
The malware that was found was common stuff. There were no signs of persistent, novel infections, nor any indications that the perpetrators were nation-states rather than common-or-garden untargeted criminal attacks. The audit does, however, note that the EDA's IT infrastructure was so badly managed and insecure that no attacker would need sophisticated attacks to compromise the agency's systems.

Comments

Post a Comment

What do you Think about This Article? Share Your Comments Here

Popular posts from this blog

LG’s first flexible OLED phone due before the year is out

LG plans to launch a flexible OLED smartphone before the end of the year, the company’s VP of mobile has confirmed, though it’s unclear to what extent the work-in-progress handset will actually flex. The OLED panel in question is the handiwork of LG Display according to VP of LG mobile Yoon Bu-hyun, the WSJ  reports, with the proposed device set to launch sometime in Q4. LG Display’s work on flexible OLEDs has been underway for some time, though the company’s efforts have perhaps been overshadowed somewhat by rival Samsung’s YOUM development. Last year, according to a Korea Times report, LG Display was preparing for
Post a Comment
Full Story »

Bing Apps for Windows 8 get major updates

Late least year, Microsoft rolled out a half dozen Bing Apps for Windows 8 users, each one focused on a specific category, such as travel and sports. The apps were designed to offer “immersive vertical experiences,” and now, about six months later, a big line of updates for them is being pushed out. Users can grab the updates now by heading into the Windows Store and selecting the updates notification.
Post a Comment
Full Story »
Flexible displays are the Future of IT Industry! A part from 4k and smart home appliances, the CES 2013 saw a lot of attention being drawn towards bendable, flexible displays. The elasticised display idea isn’t something new as we have seen hoards of device concepts being crafted around flexible, bendable and even foldable displays. These concept devices give us a futuristic feel, be it a flexible phone to be worn around the wrist or a phone that opens up to turn into a tablet or PSP-like device. But how far is this future? Nokia has been toying with the idea ever since we remember. The technology sounds very fascinating and the possibilities and the extent to which bendable displays could be used are vast and leave us spellbound. However, these have always been concepts and we haven’t seen any device materialise in the real world. There have been several technologies that were conceived in these years and all have been put to their practical use. But the bendable d
Post a Comment
Full Story »