Monday, May 29, 2006

Recommended Reading on Federal IT

CIO Magazine absolutely hammered government IT in its lengthy story Federal I.T. Flunks Out. You wouldn't read that news in FCW. Commenting on the problem is this former IRS CIO:

"Ultimately this is a security threat," says John Reece, a former IRS CIO and now a consultant to the federal government. "If we can't get beyond the legacy systems we have today, while our enemies are starting off with state-of-the-art technology, what's going to happen is they're going to absolutely tear us to pieces again."

Wrong. It's not a security threat. Poor IT management is a vulnerability. Argh.

2 comments:

Anonymous said...

Wrong.
"Threat" -- one that is a potential danger or menace.
Do poor management practices create an event or situation of potential danger or menace? Yes.

Richard, the quote you provide uses the modifier "this" as a pronoun. The poor word choice and usage displayed here is called a dangling modifier, something he should have learned by fifth grade:
"Ultimately this is a security threat...". What is a security threat? No one knows from that statement, because of his poor word choice.

You two need to learn some proper english, which is very difficult for most techies.
He is using the term 'threat' correctly as a situation that is a potential danger or menace. But his lazy usage includes 'this' as though it were a meaningful subject, which it is not.
You, on the other hand, simply misunderstand the words 'threat' and 'vulnerability' and their usage. Here is a statement that is correct: while poor IT management allows software and hardware vulnerabilities on the network to exist, IT management itself is not a vulnerability. It may be a lazy practice, but it is not a vulnerability.

Richard Bejtlich said...

Here's the full quote:

"Ultimately this is a security threat," says John Reece, a former IRS CIO and now a consultant to the federal government. "If we can't get beyond the legacy systems we have today, while our enemies are starting off with state-of-the-art technology, what's going to happen is they're going to absolutely tear us to pieces again. I say this because I, and others like me, give a big damn about what we've been trying to do, and we would like to see this stuff get cleaned up before it's too late."

"This" seems to refer to "legacy systems". Legacy systems are not a threat. Legacy systems expose vulnerabilities.

"Poor management practices" do not create threats, either. They create vulnerabilities.

Your own definition says "one that is a potential danger or menace." One sounds like a "party" to me, as is the case with my previous threat definition.

I honed my English getting a master's degree from Harvard. :)