Many publications, includingMission Critical, reported on a July 14th, 2010, National Security Council report touting the government’s progress in securing the nation’s cyber assets. According to the NSC, “In the 14 months following that address and the release of the President’s Cyberspace Policy Review (CPR), the Administration has taken concrete steps to achieve that goal, making cyberspace more secure.” Mission Critical’s current cover story caused me to reflect critically and cynically on the likelihood that the government has successfully secured our infrastructure. The story describes an array of easy-to-implement, hard-to-detect and very effective attacks that could wreak havoc on the nation’s data centers and other mission-critical facilities.

This story comes on the heels of a NetApp survey  of 143 Federal IT professionals and systems integrators that revealed doubt among these insiders that the government could successfully implement a consolidation plan aimed at reducing the number of data center, which would reduce IT costs and improve security. MeriTalk gathered these responses in May 2010 at the “1,100–How Many Federal Data Centers Does It Take…” event in Washington, D.C. 


MeriTalk and NetApp also found that most Feds believe the Federal Data Center Consolidation Initiative goals will not be achieved in the timeline outlined

•  Three out of four say the objectives will not be achieved by endof Q3 FY 2011

•   Feds indicate a disconnect on what the final number of Federal data centers should be

•   37 percent are on the fence as to whether or not there will even be a data center reduction

The survey found that 86 percent of the respondents identify government culture as the top barrier to consolidation.


The good news, relatively speaking, is that 45 percent think that OMB’s cloud plans are realistic and 62 percent think it will take up to five years for their agency to shift to cloud computing as its primary processing environment.


I say good news because agencies trying to count federal data centers seem to arrive at drastically different results, which means that there is no consensus about the size and scope of the project.


Even worse,  Wayne Rash, writing for eWeek.com  , says, “First, the current discussion about data center consolidation assumes that existing federal data centers can be consolidated at all. Second, it assumes that the operational needs of an agency operating a potential data center can meet the needs of tenant agencies.” Rash points to the need for each agency to maintain a secure computing environment and the dysfunctional environment created by a procurement system that mandates that federal data centers meet minimum standards but ensures that they are generally incompatible.


The gap between the NSC report on cyber security and the continuing vulnerabilities of our existing infrastructure seem vast. The Mission Critical story suggests that our mission-critical facilities remain open to attack and continued reports that suggest that foreign governments sponsor malicious probes looking for logical flaws in secure data centers cause me to worry that the NSC report can be considered wishful thinking. Perhaps we are making progress towards securing our cyber infrastructure but we remain overly optimistic about our starting point.