Somebody at the Department of Commerce opened the wrong e-mail attachment. After spending $2.7 million on a laughable campaign to physically destroy virtually every piece of information technology at the Economic Development Administration, the Commerce Department issued an audit reading, in effect, “Oops.” That report was hardly noticed among the competing evidence of Obama administration incompetence until it was highlighted by Peter Bright of Ars Technica. It’s worth paying attention to.
The trouble began in December 2011, when the Department of Homeland Security alerted Commerce that it had discovered a possible malware infection in the department, specifically within the network located within the Hoover Building. The EDA’s immediate reaction — based on absolutely nothing — was: cyberwar! According to the audit, the main concern among the EDA’s top brass was that the agency was under attack by a nation-state actor. There was no evidence to support that fear, and a good deal of evidence to the contrary, but the EDA basically went to whatever is the Commerce Department’s version of DEFCON 1.#ad#
Which is sort of funny, if you know anything about the organization. The EDA is on the short list for least important agency in the federal government. If you want an indicator of how picayune its activities are, check out its most recent press releases: “U.S. Economic Development Administration invests $4.1 million to support business growth and job creation in North Carolina,” “U.S. Economic Development Administration invests $1.4 million to help establish a trans-border industrial trades training center in Great Falls, Montana,” “U.S. Economic Development Administration invests $9.8 million to help rebuild critical highway link in Mankato, Minn.” You’ll notice a formula there: [U.S. Economic Development Administration] + [dollar amount in low millions] + [locality] = basically a giant machine for generating multimillion-dollar grants and press releases for politically favored business interests in important congressional districts. The second paragraph of virtually every EDA press release begins with the words “The Obama administration is committed to,” while the third paragraph is generally dedicated to whichever governor or member of Congress is being greased. EDA is a corporate-welfare machine of the most familiar Washington variety, one that, to his credit, Representative Mike Pompeo (R., Kan.) tried to defund — an effort that was frustrated in part by his fellow Republicans.
If the Chi-Coms wanted to hurt the U.S. economy, they wouldn’t attack EDA; they’d hire a lobbyist to increase its funding.
But self-importance is epidemic in Washington. Rather than acknowledge the fact that the malware was almost certainly the result of somebody’s clicking on a link to an infected funny-cat video on a department computer, EDA proceeded as though it were facing the tip of the spear in a cyberwar attack by a foreign power. First it cut its computers off from the rest of the network in an effort to keep the malware from spreading, a defensible decision if one that was overcautious in light of the evidence, which pointed to nothing more than a common infection. What happened next, though, demonstrated fascinating ineptitude: Rather than simply identifying the infected computers and fixing them, the agency set about physically destroying its IT hardware — not just computers, but keyboards, printers, digital cameras, and other equipment entirely unrelated to the problem.
This being the federal government, contractors made a killing: EDA spent a mere $4,300 on the process of physically destroying $170,500 worth of computers and equipment, but spent another $1.4 million on advice from contractors, and another $1 million on temporary computers to use while it was destroying the ones it already had.
The only thing that stopped EDA from destroying its entire IT infrastructure was that it ran out of money to fund the demolition.
As the inspector general put it, there was “no evidence of a widespread malware infection,” while Commerce “propagated inaccurate information” and “did not follow the department’s incident-response procedures,” and the man in charge “did not have the requisite experience or qualifications.” The head of the EDA is one Matt Erskine, a Democratic time-server and campaign donor, veteran of the Warner administration in Virginia, and, hilariously enough, formerly “a principal in the Advanced Technology-Telecom and Professional Services practices of the management consulting firm Korn-Ferry International.”
Working from the same DHS warning, the National Oceanic and Atmospheric Administration identified a low-grade infection on its own computers — and fixed them within a few weeks, without turning the agency upside-down or waging jihad against its office equipment. The boss at NOAA is an astronaut. Go figure.
EDA did not respond to requests for comment on this piece. But maybe they were busy slashing the tires of government vehicles.
The people in charge of this mess and the all-important National Raisin Reserve also manage nuclear weapons. Keep that in mind.
— Kevin D. Williamson is a roving correspondent for National Review. His newest book is The End Is Near and It’s Going to Be Awesome.