Fleecing of the Government – IT Contractor Severely Overcharging for Classified Spillage Cleaning
Another day, another fine example of an IT contractor unnecessarily fleecing the government. This time we have EDS, the technology services company who administers the Navy/Marine Corp Intranet (NMCI), severely overcharging for “classified spillage” cleaning efforts.
The Navy report from October disclosed that in fiscal 2008 there were 52 incidents of classified data being placed on unclassified electronic systems, about half of them Pacific Fleet and Naval Education and Training Command systems, and a total of 37 were on the Navy Marine Corps Intranet, the massive unclassified computer network used for command and control on more than 350,000 military computers.
Current reports have EDS charging the Navy to the tune of approximately $5 million annually, a figure roughly 10 times the cost of merely replacing the infected hard disk drives with new ones.
Cleaning up after these types of security incidents is no laughing matter. The process is designed to be long and arduous for one significant reason – preventing the accidental compromise and potential loss of classified data. With the core intent of ensuring no classified residual data exists upon completion of all required cleaning actions, the process by which servers and workstations are cleansed is actually a relatively simple task for properly trained IT professionals. Although time consuming, the vast majority of the process is automated.
The contractor who built the intranet and repairs compromised NMCI computers is the Texas-based technology services company EDS, which according to a defense official charges the Navy $11,800 to fix each electronic spillage. At that price per incident, the Navy is paying EDS an average of about $5 million a year to electronically “clean” some 432 “compromised computers.”
According to documents obtained by The Washington Times, EDS charges upwards of $11,800 to cleanse inadvertent classified spillages. This cost is across the board, per spillage – ergo, if a single infected workstation is required to be cleansed then the cost is $11,800. If two workstations require cleaning, the Navy is charged the same price, etc.
Rather than offering a tiered pricing structure based on a case-by-case basis, EDS has opted to go with a “per spillage cost,” with the Navy agreeing to these terms. Not only is EDS fleecing the government, but the Navy has arranged for such fleecing to be allowed.
These prices are nothing short of ransom – EDS owns the NMCI network (ie. all servers with Navy data are completely controlled by the Contractor overseeing NMCI) and extorts the Navy while holding this data ransom. Since possession is nine-tenths of ownership, EDS is in the perfect position to overcharge the Navy for complex yet inexpensive operations such as cleaning electronic spillages.
“Replacing a hard drive or the entire laptop would be significantly cheaper,” said the official, who noted that “432 new Dell laptops would cost no more than $600 to 650,000.” The official spoke on the condition of anonymity because of the sensitivity of the issue.
One has to wonder why EDS has not come up with more creative yet approved methods for cleaning electronic data spills. Although the process is highly important, there is no reason for such high costs since hardware prices are extraordinarily low these days. Why not merely replace hard disk drives on the cheap?
The answer to these questions are multifaceted – there are no cut-and-dry solutions. However, this does not discount the fact that yet another government IT contractor is once again fleecing our government for no reason other than to make a quick buck.
