Diminished Capacity

Shocking News: Government Agency is Ineffective!

An article in information week reveals the shocking fact that the Department of Homeland Security's efforts to fight "cybercrime" are "plagued by problems". One good quote:

"Despite the progress made, DHS faces significant challenges in developing and implementing a program to protect our national cyber-infrastructure," Ervin's report said.

Of course, one asks what they legitimately could do to "protect our national cyber-infrastructure". Those of us who are actually involved in computer security are working pretty hard to come up with solutions to things like denial of service attacks, viruses, and other issues. There isn't terribly much they could be doing other than law enforcement, and they don't seem to ever do any of that. People are, for practical purposes, never prosecuted for computer break-ins. (There are prosecutions, but they constitute a microscopic fraction of the number of incidents.)

One of the things I find bizarre about the whole thing is that the government is under the delusion that it is, in fact, involved. They spend money and have departments with appropriate names and such, but so far as I can tell none of it has any connection to reality. (I'm not including the folks at places like NSA who actually do computer security for their organizations every day. I mean the various "information security task force" types.)

So, there are folks in Washington who must go in to the office every day and think they are involved with keeping our networks secure, when in fact nothing they do has any impact on the problem at all. This kind of thing appears to be a common feature of large bureaucracies. I've been struggling to come up with a pithy word or metaphor for it without much success. The only thing that pops into mind for me today is the Aztec priesthood. Those where the folks who thought that if they didn't cut out someone's heart every day, the sun would stop rising.

It is sort of the inverse of a "Cargo Cult". Instead of your actions bringing about no results even though you think you're doing everything right, the results you want keep happening even though your actions have nothing to do with it at all, and you are convinced you are the cause.

This brings up a couple of questions.

• Is there a good word or phrase for this sort of thing? That is, is there a good word for "people who think they're doing something but who are in fact completely uninvolved?" There are excellent phrases for similar concepts -- "Potemkin Village", "Cargo Cult", etc., -- but none of them quite capture the idea precisely.
• Is it actually for the best that these folks are kept busy thinking they're involved when they aren't, so that they don't cause damage by actually becoming involved? It doesn't seem as though we can prevent the government from wanting to "do something" about computer security, so maybe keeping them occupied with reports, studies and "coordinating activities" is, in fact, a good thing.

Addendum: A friend writes to me and says: The best comment I've heard about DHS is "They can't even piss through an open window."