The recent (April 2015) hack of U.S. government systems that led to over 20 million personnel records being stolen led to a lot of investigations into just what the U.S. government has been doing, trying to do and not doing that led to the April hack and earlier ones that were less spectacular but add up to even more damage. One of the findings is that government efforts to protect its networks often were good in theory but ineffective in practice. A good example of this was a network security system called EINSTEIN. This is actually a collection of security software tools developed by DHS (Department of Homeland Security) under the more descriptive name National Cybersecurity Protection System (NCPS).
EINSTEIN began service in 2010 and since then there have been some upgrades. The problem is that the upgrades were not implemented as quickly as possible (compared to similar items created by non-government organizations), were not installed as widely as they were supposed to and often not managed effectively once installed. The main problem was poor and inconsistent management at all levels. Too many officials did not understand EINSTEIN or did and often went through the motions when it came to managing these network security tools.
Poor management has also been a problem in commercial organizations but the need to show a profit and take responsibility for failure to perform eliminated far more incompetent managers, especially when it came to network security. Thus most commercial organizations have more effective network security. This has always been a problem in government and it takes extraordinary effort to avoid failure. Obviously such efforts have not been made, at least when it comes to Internet security, in the last decade.