Comments on: Personal data for 28,000 Navy personnel found on public Web site

By: Navy posts personal data for 100,000 on its Web site - Homeland Stupidity

Navy posts personal data for 100,000 on its Web site - Homeland Stupidity — Fri, 07 Jul 2006 23:50:12 +0000

[...] In June, personal information for 28,000 Navy personnel and family members from a Navy source was found on a civilian Web site accessible to the public. Filed under: Internet, Privacy, Military [...]

By: buff daddy

buff daddy — Tue, 27 Jun 2006 17:06:06 +0000

I have a question that I’ve yet to see answered in these types of stories… What was the hacked Operating System that was storing this information?

Honestly, though, does anybody know the answer and/or why it’s never mentioned as a matter of fact in any of these types of situations? And without a BIASED opinion to boot?

Right now I’m pressed for time, so I’ll save the long-winded diatribe as the catalyst for asking this question for a later time!

By: GAO discloses personal data breach - Homeland Stupidity

GAO discloses personal data breach - Homeland Stupidity — Tue, 27 Jun 2006 16:02:33 +0000

[...] Personal data for 28,000 Navy personnel found on public Web site [...]

By: Michael Hampton

Michael Hampton — Sun, 25 Jun 2006 03:39:55 +0000

You get the idea.

But what’s wrong with the VA contracting out credit monitoring service? This is hardly something I would expect the VA to do, as it’s very unlikely to be qualified to do it, to begin with!

By: Jim

Jim — Sat, 24 Jun 2006 21:43:06 +0000

I completely agree. I remember in the late 90s, before I ever got involved with the military, seeing dozens of military sites being defaced on a weekly basis. I understand there were problems, but the way the DoD went about trying to correct it is what I have a problem with. The IT jobs in the military are naively designed to be like any other job, one that could be taught to anyone who met the basic academic requirements. Unfortunately, that’s just not the case. So essentially it had a bunch of military folks who had spotty training and just didn’t fully understand IT’s role in the DoD. When the military finally realized this, they decided to contract it out to a civilian company. NMCI is an example in my position. NMCI came in and consolidated everything to just a few servers that would support the entire Navy and Marine Corps “enterprise.” Sure it technically lowered the risks of having so many systems compromised from the outside, but not a day goes by that there isn’t a major outage in one of the operating areas which just causes the help desk to be jammed and productivity to bottom out. That’s just one of many technical and financial issues caused by NMCI. What they should have done was restructured the way they did IT training. Their training has gotten much better, but now it’s too late to be able to apply any of it. They should have also standardized the military IT programs. Before NMCI, most commands were running systems without any real structure. The Navy also eventually started pushing standards and practices for IT systems that would get everyone on the same page, but again it was too late. NMCI had already taken over. Don’t even get me started on how much the Navy pays for each workstation or printer install!

That is just a lengthy example of how the military goes about fixing problems. When they see something isn’t working how they expected, they immediately solicit bids to have some civilian company take it over. Look what happened with the VA data breach! As soon as it came to light, they started bidding on a contract for a civilian company to take care of monitoring credit reports. Why couldn’t the military’s current personnel commands have done this? When you hire so many different contractors it should be expected that something like this would happen.

By: Michael Hampton

Michael Hampton — Sat, 24 Jun 2006 17:24:39 +0000

Jim, I don't know if it has anything to do with outsourcing. Government computer security has sucked for as long as I've been watching closely, and that's been since December 30, 1996 when I happened to visit the (new at the time) Air Force web site, only to find out it was hacked. (NSFW) Others have watched for much longer. Anyway, at the time, pretty much any civilian government or military computer on the Internet was about as secure as Swiss cheese. I'd say the situation from then to now has only barely improved.

By: Jim

Jim — Sat, 24 Jun 2006 14:24:55 +0000

I have a little write up on my site that pretty much describes why things like this happen. The DoD outsources so much, it’s inevitable that these things will happen. And unless we start holding them accountable, it will continue.