It's been quite a week for government information security. For the fellow connoisseurs of human folly, here's the recap.
First and foremost, the NSA's website was down for reasons unspecified. Since officials at the NSA would not comment on whether or not it was the work of attackers, we're left to assume that it probably was.
Next, the GSA has shut down a web page used by contractors due to application security issues - basically, there wasn't any authentication on the site; sure, you had to type a username and password in, but the website had two states: authenticated and not authenticated. By manipulating the URL parameters, one could call up documents belonging to other companies or submit documents on their behalf. Ouch.
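The flaw described above is a login with no per-document ownership check. As an added illustration (not code from the GSA site; the session fields, document ids and function names are all constructed), here is that pattern beside a version that checks ownership on every read and submit:

```python
# Added illustration; every name and record here is constructed, not GSA's.
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    user: str
    company: str          # bound to the session server-side at login
    authenticated: bool

# Constructed sample data: document id -> owning company and content.
DOCS = {
    101: {"owner": "acme", "body": "Acme bid"},
    102: {"owner": "globex", "body": "Globex bid"},
}

class Forbidden(Exception):
    pass

def get_document_flawed(session, doc_id):
    """The pattern described above: only 'logged in or not' is checked."""
    if not session.authenticated:
        raise Forbidden("login required")
    return DOCS[doc_id]["body"]       # doc_id comes straight from the URL

def authorize(session, doc_id):
    """Deny by default: the document must exist and belong to the caller's company."""
    doc = DOCS.get(doc_id)
    if not session.authenticated or doc is None or doc["owner"] != session.company:
        # Same error for 'missing' and 'not yours', so ids cannot be probed.
        raise Forbidden("not found or not permitted")
    return doc

def get_document(session, doc_id):
    return authorize(session, doc_id)["body"]

def submit_document(session, body, on_behalf_of=None):
    """Owner comes from the session; a client-supplied company is rejected."""
    if not session.authenticated:
        raise Forbidden("login required")
    if on_behalf_of not in (None, session.company):
        raise Forbidden("cannot submit for another company")
    doc_id = max(DOCS) + 1
    DOCS[doc_id] = {"owner": session.company, "body": body}
    return doc_id
```

The key point is that the owning company is read from server-side session state, never from a URL or form parameter.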
The IG (Inspector General) continues to get it done; he's continued the tradition of past reports and said that the DoD's security posture continues to be below par. From the report:
“Specifically, 120 of 148 IT systems (81 percent) reported in the fiscal year 2006 President’s Budget Capital Investment Reports did not match to reports on the same systems in the IT Registry, and 87 of 148 IT Registry reports (59 percent) were not internally consistent between the system mission criticality and the mission assurance category data elements...”
Burning brightly against the backdrop of incompetence are the certification of the DoD defence crime lab and the publication of the 2006 IG audit plan - the IG, getting it done once again...