Every three years, agencies submit reports to the Office of Management and Budget documenting their inventory of network security vulnerabilities and the steps they’re taking to fix them.
The detailed reports — typically produced at a cost of tens of millions of dollars — often fill dozens of binders; the State Department’s last report was 95,000 pages.
John Streufert, State’s chief information security officer, printed one last month to bring to a Senate hearing. It took four days to print. “And it was outdated by the time I finished printing it,” he said.