U.S agency kills hardware over routine malware warning

An almost farcical series of miscommunications led to the destruction of $170,000 worth of IT gear by the U.S. Department of Commerce’s Economic Development Administration over a routine malware warning, and it was only a lack of budget that stopped the agency from throwing out another $3 million in hardware.
 
The comedy of errors not only points up a lack of communication between agencies, but also a fundamental misunderstanding of technology.
 
RELATED CONTENT

The timeline of the fiasco runs something like this:
 
* In December 2011, the Department of Homeland Security (those guys who told the entire North American population to disable Java on its computers) warns the Commerce Department of a potential compromise of its systems.
 
* The Commerce Department identifies the potentially compromised computers as belonging to the Economic Development Administration. Its warning to the EDA names accidentally names 146 systems as being compromised, when in fact, the number is only two.
 
* A follow-up warning tells the EDA that only two systems are compromised, but in classic CYA fashion, does not clearly point out that the first warning was erroneous.
 
* The EDA treats the follow-up as a confirmation of the first warning and proceeds on the understanding that 146 systems are compromised. The EDA commissions a forensic analysis of the two systems identified by Commerce and confirms that they are infected with malware.
 
* Commerce tells the EDA to reimage the systems. The EDA replies that the problem is too widespread. Commerce assumes that the forensic analysis uncovered more compromised systems.
 
* Fearing rampant malware and possible nation-state attack, EDA’s chief information officer disconnects the systems from the network.
 
* Paranoid of persistent threats in the system, the EDA begins destroying hardware. About $170,00 worth of computers, printers, keyboards and computer mice are taken out of commission (keyboards? mice?) even though an independent analysis identifies only minor and easily fixed problems.
 
* The EDA runs out of funding before it can destroy its $3 million in remaining technology assets.
 
* At the end of the day, the EDA has spent half of its 2012 budget — or about $2.7 million — recovering from a minor malware infection.
 

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now