NCSC CEO Ciaran Martin writes to permanent secretaries regarding the issue of supply chain risk in cloud-based products, including anti-virus (AV) software.

Wow. The issue we have here is what IT department would allow a government to use cloud-based backup or foreign software. While no guarantee, it's just good common sense.

Here's what we find fascinating unless we missed something obvious. Here is Mr. Martin's resume:

"Ciaran is Director General for Government and Industry Cyber Security. He is a member of the GCHQ Board and the SIRO.

Before joining GCHQ in February 2014, Ciaran was Constitution Director at the Cabinet Office. In this role, he was the lead official negotiator for the Prime Minister and Secretary of State for Scotland in the run-up to the Edinburgh Agreement in 2012 on a referendum on independence for Scotland.

Previous Cabinet Office roles included Director of Security and Intelligence, from 2008 to 2011, and Head of the Cabinet Secretary’s Office from 2005 to 2008. Before that Ciaran spent six years at HM Treasury and three at the National Audit Office, after graduating from Hertford College, Oxford in 1996."

We certainly hope some government organizations read this as we have a suggestion for them. The people in charge of internet security should have experience in doing so; and everyone down the line. There have to be tens of thousands of capable people in the US alone.

We're not knocking Mr. Martin personally, but where is his IT experience?

We are always reminded of the time Hillary Clinton smashed iPads with a hammer to "destroy evidence." This one stood out because no one, no one stepped up and pointed out the memory card? The servers the emails could still be on? No one?

Until our governments stop hiring people as political favors and start hiring them for their talent, these problems will continue. Case in point, Mr. Martin is making this decision about a year late regarding Kaspersky.