US agency destroys keyboards, mice to get rid of viruses

Posted on July 12, 2013 by Shailendra Nair

The Economic Development Administration (EDA) is an agency in the US Department of Commerce that promotes economic development in regions of the US suffering low growth, low employment, and other economic problems. In December 2011, the Department of Homeland Security notified both the EDA and the National Oceanic and Atmospheric Administration (NOAA) that there was a potential malware infection within the two agencies’ systems.

The NOAA isolated and cleaned up the problem within a few weeks.

The EDA, however, responded by cutting its systems off from the rest of the world — disabling its enterprise email system and leaving its regional offices no way of accessing centrally-held databases.

It then recruited in an outside security contractor to look for malware and provide assurances that not only were EDA’s systems clean, but also that they were impregnable against malware. The contractor, after some initial false positives, declared the systems largely clean but was unable to provide this guarantee. Malware was found on six systems, but it was easily repaired by reimaging the affected machines.
Ars Technica

EDA’s CIO, fearing that the agency was under attack from a nation-state, insisted instead on a policy of physical destruction. The EDA destroyed not only (uninfected) desktop computers but also printers, cameras, keyboards, and even mice. The destruction only stopped — sparing $3 million (£2 million) of equipment — because the agency had run out of money to pay for destroying the hardware.

The total cost to the US taxpayer of this incident was $2.7 million (£1.8 million): $823,000 (£550,000) went to the security contractor for its investigation and advice, $1,061,000 (£710,000) for the acquisition of temporary infrastructure (requisitioned from the Census Bureau), $4,300 (£2,870) to destroy $170,500 (£114,000) in IT equipment, and $688,000 (£462,000) paid to contractors to assist in development a long-term response. Full recovery took close to a year.

The full grim story was detailed in Department of Commerce audit released on 26 June, subsequently reported by Federal News Radio.

The EDA’s overreaction is, well, a little alarming. Although not entirely to blame — the Department of Commerce’s initial communication with EDA grossly overstated the severity of the problem (though corrected its error the following day) — the EDA systematically reacted in the worst possible way. The agency demonstrated serious technical misunderstandings — it shut down its email servers because some of the emails on the servers contained malware, even though this posed no risk to the servers themselves — and a general sense of alarmism.

The malware that was found was common stuff. There were no signs of persistent, novel infections, nor any indications that the perpetrators were nation-states rather than common-or-garden untargeted criminal attacks. The audit does, however, note that the EDA’s IT infrastructure was so badly managed and insecure that no attacker would need sophisticated attacks to compromise the agency’s systems.

This story originally appeared on ars technica

As published on http://www.wired.co.uk/news/archive/2013-07/09/us-agency-overreacts-virus

Unknown's avatar

About Shailendra Nair

AI Generalist & Executive Tech Leader in Insurance & Benefits Tech. Driving growth, trust, and resilience from AIG to Marsh McLennan. I am an AI Generalist and Executive Technology Leader with a career dedicated to reimagining how insurance and benefits ecosystems work in a digital first world. My expertise spans Insurance & Benefits Tech, digital transformation, and cybersecurity, with a proven ability to turn technology into both a growth engine and a resilience enabler. I have worked with global leaders such as PepsiCo, Allianz, AIG, and Marsh McLennan, experiences that gave me a rare mix of perspectives across insurance carriers, broking, and benefits advisory. This combination allows me to design solutions that balance global standards, local compliance, and client expectations while driving measurable business value. My strength lies in full stack insurance technology leadership, covering Property & Casualty, Life, and Benefits. I bring hands-on expertise in infrastructure, cloud, security, and enterprise architecture, combined with data platforms, AI automation, and digital ecosystems. Having led across this spectrum, I can translate complex technology into practical outcomes that deliver trust, scale, and innovation. As an AI Generalist, I focus on impact: • Building automation first operations that scale efficiently. • Designing chatbots and intelligent assistants to empower employees and clients. • Deploying AI-driven QA frameworks to improve speed and accuracy. • Exploring agentic AI roles to support compliance and transformation. My philosophy is simple: technology should reduce friction, inspire confidence, and accelerate growth. I design platforms that enhance sales, revenue, and client stickiness, proving that tech can directly enable business outcomes. At the same time, I remain deeply client centric a solution enabler who thinks out of the box to solve real challenges and deliver measurable ROI. 🌍 What excites me most is reimagining benefits ecosystems for the future of work. Employees demand seamless digital first experiences, organizations need efficiency, and regulators require trust and security. My mission is to build ecosystems that are secure, resilient, innovative, and human focused.
This entry was posted in Technology and tagged . Bookmark the permalink.

Kindly leave your feedback or suggestions