In this final installment of my look at the U.S. Mint’s current problems, I will translate the expletives I wrote in the margins of my notes into an editorial about what I learned.
The impression left by the U.S. Mint officials I spoke with is that the lawyers had more say over policy than the appointed director or the career executives. When questioned as to why the U.S. Mint did not implement additional cybersecurity measures against Internet robots, the answer was that the lawyers prevented a sound business decision.
I do not know why the lawyers prevented the U.S. Mint from implementing appropriate cybersecurity controls to prevent Internet robots and other abuses. Whatever the reason, it caused the U.S. Mint to violate the Federal Information Security Management Act (FISMA). Ignorance of FISMA put the U.S. Mint’s cybersecurity in jeopardy during a time when the Internet is becoming more dangerous.
When I used to work as an information security contractor for the U.S. government, including with Treasury bureaus, agencies would work in anticipation of the passage of relevant laws. When I worked for the IRS, another Treasury bureau, the lawyers and analysts would work on the implementation requirements for the new law. They drafted everything from new forms to planning for the programming necessary to implement the new law. Other agencies did the same. If the lawyers prevented the U.S. Mint from anticipating the passage of a law, then the lawyers are overanalyzing the law. It is called being pedantic.
Where was the U.S. Mint management? The lawyers are supposed to provide advice. They are not supposed to be the final answer. Even though the U.S. Mint did not have a permanent director until David Ryder was confirmed by the Senate, someone was in charge. Why is that person not held responsible for the problems?
What has David Ryder been doing since his confirmation in April 2018? During his confirmation hearing, Ryder spoke about his experience with the security of coinage. Why is he not concerned about the security of the U.S. Mint’s cyber assets?
Has Ryder even worked on the security of U.S. coinage? Criminals are duping the collecting public by peddling counterfeit American Silver Eagles. Why has the U.S. Mint not implemented security features in the American Eagle program? If the security of the physical currency is Ryder’s specialty, why has he not implemented it to protect the public?
This is not Ryder’s first rodeo. He was appointed the U.S. Mint director in 1992 by President George H.W. Bush. Ryder should understand how the government works. But his performance during his current appointment and the decisions he has made have the numismatic public questioning his competence.
When someone writes a critical opinion piece, they should provide possible solutions. In this case, I am not sure that any suggestion would work. The U.S. Mint does not listen to the collecting public. When they feign interest, the people who try to be responsive move along with the political winds, and new appointees ignore the lessons of the past under the guise of “Not invented here.”
A common problem among political appointees is that they come into any job thinking they know better than career appointees. It causes them to ignore the past and rediscover previous mistakes. I spent a career fixing the security problems caused by mistakes made by appointees.
I wonder if a civilian advisory board would help the U.S. Mint? The board would consist of experts in numismatics and government processes. But it will give the bureau someone to blame if something goes wrong because if I learned nothing else from my 25 years working for the government, career executives and appointees are collectively risk-averse.