In The Cuckoo’s Egg, Cliff Stoll recounts the true story of how a $0.75 billing discrepancy ultimately uncovered a German spy ring selling US military secrets to the KGB.
Stoll’s story also highlights the government’s inability to understand and accept the potential damage of computer crime and the bureaucratic infighting between the different intelligence agencies (FBI, CIA, NSA). Until the evidence became overwhelming and beyond repute, each agency found (invented?) ways to disavow responsibility. Plenty of finger-pointing and top-secret meetings to keep things moving forward.
I once joined a sales call with a major Wall Street financial firm on which their Director of IT stated, clearly and without dramatics, that If [his financial firm] were hacked, the western economies would go tits up. All third-party solutions in his shop must have strong, documented security practices because of the potential outcomes. At the time, he was POC’ing solutions from four different vendors; while he preferred a single solution, multiple solutions allowed him to not put all his eggs into a single basket. Costly but potentially necessary.
And forty years hence, government computer systems continue to have severe security flaws. Unfortunately, that doesn’t really surprise me.
