#MyStupidGovernment continues SNAFU
There is a department within the US Government that sets and publishes computer security standards. They are NIST, The National Institute of Standards and Technology. You can access their vast list of publications (49205, 100 of which deal with cybersecurity) HERE:
National Institute of Standards and Technology
A couple excellent starter publications:
1) 2017 ANNUAL REPORT NIST/ITL CYBERSECURITY PROGRAM
2) Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks
Sadly, few elected officials bother to read NIST's publications or adhere to their security standards advice. This is very old news. The hashtag: #MyStupidGovernment was born out of the events of 2007. Since 1998, China: Criminal Nation, was known and documented to have been hacking into US federal computers. In 2007, after nine years of hacking, my government decided to admit that every single government Windows computer exposed to the Internet had been infested with bots that sent every document on those computers to the Red Hacker Alliance of China, a hacking group that is now integrated into the Chinese military. 'Shameful' doesn't cover the damage caused by my government's cybersecurity incompetence. Even worse was China's 2013 cyber-theft of records from the OPM, the U.S. Office of Personnel Management. That data included names, addresses, phone numbers, social security numbers, financial data, family status and job descriptions of every US federal government employee, including those working for US security and intelligence services as well as those applying for security clearance. The number affected by this hack was eventually discovered to be more than 22 million people.
Biting the hand that feeds IT
