Wednesday, February 16, 2005

U.S. agencies earn D-plus on computer security

An AP story posted on SecurityFocus confirms the generally dismal state of cybersecurity in the US government. The report on the Department of Homeland Security is particularly disheartening.

"The overall security of computer systems inside the largest U.S. government agencies improved marginally since last year but still merits only a D-plus on the latest progress report from Congress. The departments of Transportation, Justice and the Interior made remarkable improvements, according to the rankings, which were compiled by the House Government Reform Committee and based on reports from each agency's inspector general. But seven of the 24 largest agencies received failing grades, including the departments of Energy and Homeland Security. The Homeland Security Department encompasses dozens of agencies and offices previously elsewhere in government but also includes the National Cyber Security Division, responsible for improving the security of the country's computer networks."

More from the Washington Post story by Brian Krebs:

"Committee Chairman Tom Davis (R-Va.) ... chided agencies for not moving fast enough. 'I hope it won't take some kind of major cyber-attack to wake everybody up,' Davis said."

"For years, lawmakers in Congress have warned federal agency leaders that they would slash funding for technology projects that fail to meet basic computer security requirements. But despite such threats, agency funding has remained unaffected by high or low grades on the computer security report cards, according federal security officers ... 'If there are no incentives for agencies to comply with FISMA requirements, what is the point?', said Richard P. Tracy, chief security officer for Telos."

Labels: , , ,


Post a Comment