A couple of months before I was activated and went to Afghanistan, I got a briefing from a Special Forces NCO who had done multiple tours in the desert. One thing he said still sticks in my mind (obviously paraphrased):
“The Afghanis, they live in mud huts, they don’t have electricity, they are stick-people weighing 85 lbs, and to say that we could bomb them into the stone age would be an advancement in their technology level. But never underestimate these people, they’re survivors. They’ve survived 35 years of warfare, starting with the Soviets, then they fought a civil war before we arrived on the scene. Never underestimate their ability to survive, and have respect for them because of who they are.”
Today, I feel the same way about government employees, even more so because it’s an election year: they’re survivors.
Now time for what I see is the “real” reason why the government is doing badly (if that’s what you believe–opinions differ) at security: it’s all an issue of culture. I have a friend who converted a year ago to a GS-scale employee and took a class on what motivates government employees. Some of these are obvious:
- Pride at making a difference
- Helping people
- Supporting a cause
- Gaining unique experience on a global-class scope
- Job stability
- Retirement benefits
And one thing is noticeably absent: better pay and personal recognition. Hey, sounds like me in the army.
The Companion Family Plan for Survival at Home photo by Uh … Bob.
Now I’m not trying to stereotype, but you need to know the organizational behavior pieces to understand how government security works. And in this case, the typical government employee is about as survival-aware as their Afghani counterpart.
Best advice I ever heard from a public policy wonk: the key to survival in this town is to influence everything you can get your hands on and never have your name actually written on anything.
In other words, don’t criticize, be nice to everybody even though you think they are a jerk, and avoid saying anything at all because you never know when it will be contrary to the political scene. The Government culture is a silent culture. That’s why every day amazing things happen to promote security in the Government and you’ll never hear about it on the outside.
One of the reasons that I started blogging was to counter the naysayers who say that FISMA is failing and that the Government would succeed if they would just buy their product for technical policy compliance or end-to-end encryption. Sadly, the true heroes in Government, the people who just do their job every day and try to survive a hostile political environment, are giving credit to the critics because of their silence.
Which brings me to my point:
Yes, my name is Rybolov and I’m a heretic, but this is the secret to security in the Government: it’s cultural at all layers of the personnel stack. Security (and innovation, now that I think about it) needs a culture of openness where it’s allowable to make mistakes and/or criticize. Doesn’t sound like any government–local, state, or federal–that I’ve ever seen. However, if you fix the culture, you fix the security.