Somebody at the Department of Commerce opened the wrong e-mail attachment. After spending $2.7 million on a laughable campaign to physically destroy virtually every piece of information technology at the Economic Development Administration, the Commerce Department issued an audit reading, in effect, “Oops.” That report was hardly noticed among the competing evidence of Obama administration incompetence until it was highlighted by Peter Bright of Ars Technica. It’s worth paying attention to.
The trouble began in December 2011, when the Department of Homeland Security alerted Commerce that it had discovered a possible malware infection in the department, specifically within the network located within the Hoover Building. The EDA’s immediate reaction — based on absolutely nothing — was: cyberwar! According to the audit, the main concern among the EDA’s top brass was that the agency was under attack by a nation-state actor. There was no evidence to support that fear, and a good deal of evidence to the contrary, but the EDA basically went to whatever is the Commerce Department’s version of DEFCON 1.
If the Chi-Coms wanted to hurt the U.S. economy, they wouldn’t attack EDA; they’d hire a lobbyist to increase its funding.
But self-importance is epidemic in Washington. Rather than acknowledge the fact that the malware was almost certainly the result of somebody’s clicking on a link to an infected funny-cat video on a department computer, EDA proceeded as though it were facing the tip of the spear in a cyberwar attack by a foreign power. First it cut its computers off from the rest of the network in an effort to keep the malware from spreading, a defensible decision if one that was overcautious in light of the evidence, which pointed to nothing more than a common infection. What happened next, though, demonstrated fascinating ineptitude: Rather than simply identifying the infected computers and fixing them, the agency set about physically destroying its IT hardware — not just computers, but keyboards, printers, digital cameras, and other equipment entirely unrelated to the problem.
The only thing that stopped EDA from destroying its entire IT infrastructure was that it ran out of money to fund the demolition.
As the inspector general put it, there was “no evidence of a widespread malware infection,” while Commerce “propagated inaccurate information” and “did not follow the department’s incident-response procedures,” and the man in charge “did not have the requisite experience or qualifications.” The head of the EDA is one Matt Erskine, a Democratic time-server and campaign donor, veteran of the Warner administration in Virginia, and, hilariously enough, formerly “a principal in the Advanced Technology-Telecom and Professional Services practices of the management consulting firm Korn-Ferry International.”
Working from the same DHS warning, the National Oceanic and Atmospheric Administration identified a low-grade infection on its own computers — and fixed them within a few weeks, without turning the agency upside-down or waging jihad against its office equipment. The boss at NOAA is an astronaut. Go figure.
EDA did not respond to requests for comment on this piece. But maybe they were busy slashing the tires of government vehicles.
The people in charge of this mess and the all-important National Raisin Reserve also manage nuclear weapons. Keep that in mind.
— Kevin D. Williamson is a roving correspondent for National Review. His newest book is The End Is Near and It’s Going to Be Awesome.