…about Federal bureaucrats and their…managers? And no, I’m
not talking about a Deep State or an Administrative State.
The Biden administration on Wednesday issued a sweeping new order mandating that nearly all federal agencies patch hundreds of cybersecurity vulnerabilities that are considered major risks for damaging intrusions into government computer systems.
The new requirement is one of the most wide-reaching cybersecurity mandates ever imposed on the federal government. It covers about 200 known security flaws identified by cybersecurity professionals between 2017 and 2020 and an additional 90 discovered in 2021 alone that have generally been observed being used by malicious hackers. Those flaws were listed in a new federal catalog as carrying “significant risk to the federal enterprise.”
What does this say about the proactivity, the willingness to act on their own recognizance, of the bureaucrats running these agencies and of the bureaucrats responsible for IT in these agencies?
It gets worse.
A significant majority of the flaws being published on the DHS catalog are ones that weren’t covered under previous orders, a senior official said.
Where’s the initiative? The lack is as appalling as it is unacceptable. Waiting—needing—to be told what to do? Really?
These are people who Know Better and passive-aggressively obstruct actions and orders with which they personally disagree. They’re in the way and need to be terminated.
These are other people who are unable to make the office cultural change necessary. They’re also in the way and need to be terminated, albeit with more favorable rationales than that first category.
These are yet other people who’ve simply had their weak performance tolerated out of misguided efforts at being nice. They’re also in the way and need to be retrained—and terminated if the training doesn’t lead to improved performance.
But most of all, those office managers and IT honchos shouldn’t have had to be told to do this critical part of their jobs. They need to be replaced, and their replacements better vetted.
If cybersecurity officials at a certain agency fail to comply with a directive, DHS [for instance] can notify the agency’s senior leaders, who are then responsible for resolving the noncompliance.
This is entirely too slow. Those failing to perform need to be corrected promptly, and if necessary, terminated promptly.
Cybersecurity isn’t just a matter of national security. It’s a matter of national survival.