| While I do think it's a bad idea for the military to outsource computer networks this article uses terrible evidence to back up it's critique and complaints. * "Worse, HP — which acquired Electronic Data Systems and its Navy contract in 2008 — still operates under performance metrics set a decade ago. A typical workstation on the network costs the Navy $2,490.72 per year." A secure workstation with full outsourced support costs $2,490.72 a year? That sounds pretty damn good to me. * "That includes an e-mail inbox with a 50-MB capacity (Gmail’s: 7,500 MB), and 700 MB of network storage (compared to Evernote’s unlimited, free plan). Anything above that is extra." Most corporations give their staff 150mb inboxes. Let's see Google meet the military's requirements at 7,500mb per inbox. Better yet, let's see Evernote give the military unlimited storage space. I bet they could meet all of those requirements for free! The public market client is exactly the same as the Department of the Navy, so it should be a quick switcher-oo! Problem solved! * "A year’s use of a “high-end graphics” workstation sets the Navy back $4,085.64. Extra applications on a laptop or desktop computer can run anywhere from $1,006.68 to $4,026.72 annually. A classified Ethernet port — $9,300 to $28,800 per year, depending on where it’s located." Yup, that sounds about right. High-end graphics workstations and their software are expensive. So are classified networks. * "What’s more, HP isn’t required to take security measures like hard disk encryption, threat heuristics, and network access control that are common today, but were exotic in 2000. Really? They're not taking any security measures?! “Anti-spam services” runs the Navy $2.7 million per year under the contract." It costs $2.7 million to filter spam on the second biggest network in the world? Oh, only the ENTIRE INTERNET is bigger? $2.7 million is a steal. * "Cleaning up a “data spillage” – classified information that got placed an unclassified network – costs $11,800 per incident. In 2008, the Navy paid about $5 million to wipe the data from 432 compromised computers. That’s “almost 10 times the cost of simply destroying the affected machines and replacing them with new ones,” the Washington Times reported." Security incidents are expensive. The Navy sets the protocol for how these incidents are handled, you can't simply dump a computer into an incinerator and certify that the data is destroyed. Well, I suppose you could, but running an incinerator at the level of heat required to completely destroy data is FREAKING EXPENSIVE, TOO. In the several parts of the article that they mention lack of what sounds like quality response tie and botched security updates/software roll outs there isn't enough evidence on the incidents to make any comment. Those incidents are asserted in a manner that is hear-say rather than official reports. I've been really disappointed with Danger Room's tech in National Security reporting. |
For most government machines, they're required to be connected via VPN, and all traffic funneled through the respective agencies in order to be on the internet at all, so at least the cloud data they do access has the opportunity to be logged, scrubbed and sanitized by the agency in question.
I can't speak specifically for Navy, but with most agencies I've dealt with (including DOD,) this is how things are.
So, long story short, if they aren't required to perform any security measures like the above-mentioned, then they should really get kudos for going above and beyond. That said, at least where I am, those are requirements, so I'm guessing the reporter either misspoke or was uninformed.