Editorial: Snail-paced security

Monday, July 3, 2006 | 7:30 a.m.

In what charitably could be described as a better-late-than-never approach, President Bush has given federal civilian agencies 45 days to enact new security measures to protect the personal information of millions of Americans that many agencies possess.

The president's declaration came about a week before the FBI's announcement Thursday that it had recovered the stolen Veterans Affairs Department laptop and hard drive that contained the personal data of millions of retired and active-duty military personnel. Tests showed the data had not been accessed.

Bush's new security guidelines, which he issued June 23, came during a month in which data thefts or security breaches at five federal agencies placed Social Security numbers at risk of being revealed or stolen, the Washington Post reported. Furthermore, a story last week by the Post showed that a person with advanced computer skills could hack into the electronic voting systems most commonly used in local and state elections.

When is government going to catch up? Policy change typically occurs in what could be described as geologic time. And taxpayer-supported agencies at all levels of government often struggle with obtaining even the most marginally up-to-date technology.

The problem is that cyber-thieves do have access to advanced technology. And when government agencies fail to enact security measures fast enough or try to save money by not acquiring the staff or the software upgrades necessary to keep data safe, security breaches are bound to happen.

Bush's guidelines call for encrypting all data on laptop or handheld computers and requiring employees to use a password and a keycard to access databases from remote locations. Such connections must be automatically terminated after 30 minutes. Agencies would have to log what sensitive information has been downloaded and prove that those records are deleted within 90 days, unless the information is needed longer.

Enacting such policies in 45 days may be lightning speed for government. But such urgency is necessary daily, not just in the wake of a theft. Computer crooks work all day long with the best equipment available, looking for ways to sneak into government systems. If government wants to operate in the computer age, it must work at computer speed.