Alan Paller, who is research director at the SANS Institute, a cybersecurity education group, said that the US was spending shedloads and getting so little impact for it.
The report draws on previous work by agency inspectors general and the Government Accountability Office to paint a broader picture of chronic dysfunction, citing repeated failures by federal officials to perform the unglamorous work of information security. Apparently a common password on federal systems, the report found, is “password.”
The report levels particularly tough criticism at the Department of Homeland Security, which helps oversee cybersecurity at other federal agencies. The report concluded that the department had failed even to update essential software, so how could it help others do so?
One of the problems is the failure of federal agencies to hire top-notch information technology workers, pay them enough and give them enough clout to enforce routine security practices. Agency directors are rarely held accountable for security failures, experts said, because it is often unclear who is responsible.