In 2011 the U.S. federal government spent at least $13 billion on IT security. A full $10 billion of that money was spent by the Department of Defense. Most of it seems to have gone to snazzy new patches for the various cyber-commands because the DoD’s own assessment team says the military’s IT security is still atrocious.

How atrocious?

"During exercises and testing, DoD red teams, using only small teams and a short amount of time, are able to significantly disrupt the 'blue team’s' ability to carry out military missions. Typically, the disruption is so great, that the exercise must be essentially reset without the cyber intrusion to allow enough operational capability to proceed. These stark demonstrations contribute to the Task Force’s assertion that the functioning of DoD’s systems is not assured in the presence of even a modestly aggressive cyber-attack."

This is just one of the many astounding quotes to be found in The Defense Science Board’s report on American tax dollars going straight down the tube. Here are a few more:

"After conducting an 18-month study, this Task Force concluded that the cyber threat is serious and that the United States cannot be confident that our critical Information Technology systems will work under attack from a sophisticated and well-resourced opponent utilizing cyber capabilities in combination with all of their military and intelligence capabilities."

"The Task Force could not find a set of metrics employed by DoD or industry that would help DoD shape its investment decisions. A qualitative comparison of resources and DoD level of effort in relation to the success rate of red teams is clear evidence of the lack of useful metrics." Translation: The Task Force has absolutely no way to determine if DoD's efforts have been successful.

"This Task Force recommends improving the cyber resiliency of a mix of the following systems for assured operation in the face of a full spectrum adversary: global selective strike systems e.g. penetrating bombers, submarines with long range cruise missiles…" Translation: It would be nice if DoD could use some of the weapons it already paid for.

"Our nuclear deterrent is regularly evaluated for reliability and readiness. However most of the systems have not been assessed (end-to-end) against a Tier V-VI cyber attack to understand possible weak spots. A 2007 Air Force study addressed portions of this issue for the ICBM leg of the U.S. triad but was still not a complete assessment against a high-tier threat." Translation: Do you remember the Maginot Line?

The report doesn't contain all bad news. The team did take a moment to commend the Pentagon’s efforts to prevent people from stealing guns, tanks and aircraft carriers before returning to the main theme.

"While DoD takes great care to secure the use and operation of the 'hardware' of its weapon systems, these security practices have not kept up with the cyber adversary tactics and capabilities."

Sadly the Defense Science Board didn't explain what happened to all that money allegedly spent on IT security. Perhaps that’s because while $10 billion sounds like a lot of money, it’s a normal cost overrun when it comes to the Pentagon. In fact it is exactly half the amount the military spent on one year of air conditioning for U.S. troops in Iraq and Afghanistan.

If it is any consolation to anyone (and it shouldn’t be) the report provides evidence that U.S. IT security has always been terrible:

"A recently declassified example of a [then] high-tier exploitation is a Soviet Union operation against the United States during the Cold War designated by the United States as Project GUNMAN. In the 1970s and early '80s, the IBM Selectric typewriter was considered an advanced electromechanical 'computer' of its day. Soviet 'cyber warriors' managed to replace the comb support bar of the typewriter with a device that externally looked the same but was cleverly modified to enable the transmission in plain text of nearly every typed key to a nearby Soviet listening post. Between 1976 and 1984, sixteen of these typewriters found their way into the U.S. Embassy in Moscow and the U.S. Mission in Leningrad."

As was stated in the classic Stanley Kubrick flick Dr. Strangelove: "Well, I've been to one world fair, a picnic, and a rodeo, and that's the stupidest thing I ever heard come over a set of earphones."

PS: Andrew Conte has a very good story on the entire report here.