It seems that the Federal government is having problems maintaining its web sites. I reported earlier on the National Response Center reporting page being down. I tweeted Friday morning that the OMB’s RegInfo page had disappeared; well as of Friday afternoon that page has reappeared with a notice that it was ‘currently undergoing system maintenance’ and it is still in that status now.
Web page updates don’t normally take this long. Something else is obviously going on and we just are not being told what. Three common reasons that government that government agencies don’t tell the whole story about problems that they are having are:
• Gross incompetence;
• Criminal malfeasance; or
• National security.
Of course, ‘national security’ is frequently used as an excuse to cover the first two reasons because the agency typically doesn’t have to explain to the public what is really going on in that case. And if they tap dance ‘national security’ well enough, Congress will usually give them a pass as well.
So, I’ll ask the nasty question that probably won’t be answered, were they hacked? And I don’t mean a petty little ‘we were there’ defacement attack that seems to be the hallmark of a couple of international cyber-warrior groups. I’m talking about the serious, ‘I have access to your secure databases’ type of access.
Now neither of these sites deals in any way with national security issues or directly affects any safety or welfare issues, so this probably would not (if it is actually happening, something that I am only loosely conjecturing) rise to a level that would require a public response or retaliation. But, it would provide a pretty serious black eye for our cybersecurity programs at the Federal level; particularly if it were accompanied by back channel communications essentially saying: “Keep your nose out of our business or this will happen in more serious places.”
Of course, that would provide an even better reason not to discuss the situation publicly; the public would demand a response and our cybersecurity posture is just not up to defending against a State level attack.
NOTE: As of 05:00 CDT 06-09-14 the RegInfo site is up.