U.S. Blows $5.7 Bil on Cyber Defense System That Doesn’t Work

Reckless government spending is at full throttle with the example du jour a $5.7 billion cyber defense system created to protect computers at federal agencies against hackers. Despite its mind-boggling price tag the system is seriously flawed and uses features already available in much cheaper commercial-grade products, according to a federal probe made public recently.

The problem, besides sticking it to taxpayers for the exorbitant cost, is that the multibillion-dollar system simply doesn’t work. Nevertheless, the bloated agency handling this particular boondoggle, the Department of Homeland Security (DHS), insists the program, National Cybersecurity Protection System (NCPS), is effective despite its documented failures. This is par for the course at the monstrous agency created after the 9/11 terrorist attacks to keep the nation safe. DHS has been involved in a number of transgressions that have left the country incredibly vulnerable, especially on the southern border where Islamic terrorists have teamed up with Mexican drug cartels to enter the U.S.

Now it’s leaving sensitive computer systems throughout government vulnerable to web threats, even after spending an astounding amount of money. It gets better, or rather, more enraging. Most of the features used by the government’s specially created NCPS are available in commercial security network appliances that are already used by federal agencies. In fact, DHS admits that some commercial products, which cost a lot cheaper than $5.7 billion, likely contain more features than the agency’s fancy NCPS. You can’t make this stuff up! It’s all documented in a federal audit made public with lots of redactions, presumably to protect national security.

A secret version of the probe, conducted by the Government Accountability Office (GAO), the investigative arm of Congress, with more details was issued to federal agencies a few months ago. The public version is undoubtedly toned down, but still outrageous. Congressional investigators determined that the NCPS’s capabilities are “limited” in all areas and that the system can’t detect anomalies that may indicate attempts to attack a network. “By employing only signature-based intrusion detection, NCPS is unable to detect intrusions for which it does not have a valid or active signature deployed,” the GAO report states. “This limits the overall effectiveness of the program.”

Why, then, is the government continuing to use this dysfunctional, multibillion-dollar system if it can’t detect threats—old and new—adequately? The answer, straight from DHS officials, helps illustrate what’s wrong with government. In response to the scathing GAO report, officials from the agency’s Network Security Deployment (NSD) say that they are only tasked with providing a baseline set of protections and “government-wide situational awareness.” In other words, the officials tasked with protecting national security seem to be claiming that it really isn’t their job. There appears to be an epidemic of this throughout government.

This is hardly the first time we see this sort of egregious waste at DHS. The agency blew $878 million on an ineffective behavior program, Screening of Passengers by Observation Techniques (SPOT), that promised to single out terrorists at airports but never did. DHS also wasted $360 million on drones that were supposed to guard the Mexican border and increase apprehensions of illegal immigrants. That failed miserably as well. Just a few months ago Judicial Watch reported on yet another flawed DHS experiment that cost the government a billion dollars. Known as BioWatch, the billion-dollar swindle is promoted by the agency as a system that detects biological attacks and can therefore counter bioterrorism. The reality is that it’s useless.