I just read an article that illustrates how basic planning and proper implementation of procedures could have saved us taxpayers $200,000.
A computer technician reformatting a disk drive at the Alaska Department of Revenue. While doing routine maintenance work, the technician accidentally deleted applicant information for an oil-funded account — one of Alaska residents’ biggest perks — and mistakenly reformatted the backup drive, as well.
There was still hope, until the department discovered its third line of defense had failed: backup tapes were unreadable.
“Nobody panicked, but we instantly went into planning for the worst-case scenario,” said Permanent Fund Dividend Division Director Amy Skow. The computer foul-up last July would end up costing the department more than $200,000.
Now, you may ask: “How could this have been avoided?”
The answers are simple: “separation of privileges” and “regular backup validation”.
The article mentions that the data on the drive was for “an account worth $38 billion”. For data that important and that valuable, why did they only have one backup tape? And if they only had one backup tape, why wasn’t it validated?
“Separation of privileges” is a security concept you often see demonstrated in movies when a government is about to launch a rocket into space or a nuke. Either two people hold two separate keys to launch, or one person has a key and another a secret code. This is a valuable security concept because it ensures that no single person can launch the nuke on their own.
In this case the technician (most likely an ex-technician by now) should have had file system permissions to either the data drive or the backup drive, but not both.
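To show what “regular backup validation” looks like in practice, here is a small shell script I put together for this post (it is not from the article, and nothing like it was in place at the department). It takes a backup, writes a checksum manifest, and then restores the backup into scratch space and checks every file against the manifest before any maintenance touches the source. It assumes GNU tar and sha256sum, and all paths are temporary directories created with mktemp.

```shell
#!/bin/sh
# Added example (not from the article): validate a backup before any
# maintenance that could destroy the source. Assumes GNU tar and
# sha256sum; all paths are scratch directories created with mktemp.
set -eu

# Constructed sample data standing in for the applicant records.
make_sample_data() {
    mkdir -p "$1/applicants"
    printf 'id,name\n1,Alice\n2,Bob\n' > "$1/applicants/2006.csv"
    printf 'first audit line\n' > "$1/log.txt"
}

# Back up a directory: tar archive plus a SHA-256 manifest of every
# file, written beside the archive as <archive>.sha256.
backup_dir() {
    src="$1"; archive="$2"
    (cd "$src" && find . -type f | sort | xargs sha256sum) > "$archive.sha256"
    tar -C "$src" -cf "$archive" .
}

# Validate a backup: restore it into a scratch directory and check
# every file against the manifest. Returns 0 only if the archive is
# readable AND every restored file matches its recorded checksum,
# which is exactly the check that catches an unreadable tape.
verify_backup() {
    archive="$1"
    scratch=$(mktemp -d)
    rc=0
    if ! tar -C "$scratch" -xf "$archive" 2>/dev/null; then
        rc=1    # archive unreadable
    elif ! (cd "$scratch" && sha256sum -c --quiet "$archive.sha256" 2>/dev/null); then
        rc=2    # restored data differs from the manifest
    fi
    rm -rf "$scratch"
    return $rc
}

# Demonstration run: back up, validate, then decide whether to proceed.
work=$(mktemp -d)
make_sample_data "$work/data"
backup_dir "$work/data" "$work/pfd-backup.tar"
if verify_backup "$work/pfd-backup.tar"; then
    echo "backup verified: safe to start maintenance on $work/data"
else
    echo "backup failed validation: do not touch the source" >&2
fi
```

The point is the order of operations: the destructive step only runs after the restore test passes, so an unreadable or stale backup is discovered while the original data still exists.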
I thought the U.S. government invented these concepts. Why is it that they don’t follow them?