Posted on 12/09/2003 3:30:12 PM PST by playball0
Many Federal Agencies Flunk Security Dec. 9, 2003
A new scorecard gives government agencies a D when it comes to securing networks and IT systems. By Eric Chabrow
Federal agencies have made only small improvements in securing government networks and IT systems from hackers and terrorists. A House panel on Tuesday issued a scorecard, giving the federal government an overall grade of D. Last year, the panel issued an overall grade of F. "It's nothing to be proud," said Rep. Adam Putnam, the Florida Republican who chairs a House subcommittee that oversees government IT, at a briefing announcing the scorecard.
Putnam griped that 19 of 24 agencies reviewed failed to complete an inventory of their mission-critical systems. "An agency can't ensure its systems are secure if it can't account for all of its mission-critical systems," he said. "Everything starts with the inventory, and this aspect must improve--and improve quickly."
Last year, 13 agencies received F's; this year eight agencies received the failing grade, including the Department of Homeland Security, which was ranked for the first time because it's a new agency. Putnam says that score is understandable since, as a new agency, it's been concentrating on getting the department up and running. Among the other departments receiving F's: Agriculture, Health and Human Services, Housing and Urban Development, Interior, Justice, and State. Two agencies saw their grades fall: NASA to D- from D+ and Health and Human Services to F from D-.
There were a few bright spots. The agency with the biggest gain--the National Science Foundation--improved to an A- from a D- last year. The highest-ranked agency, the Nuclear Regulatory Commission, received an A, up from a C last year. Other agencies receiving top grades: the Social Security administration, to B+ from B-; and the Labor Department, to B from C+.
Agencies with high scores fully inventoried their critical IT assets, identified critical infrastructure and mission-critical systems, established strong incident identification and reporting procedures, tightened controls over contractors, and developed strong plans of action and milestones that serve as guides for finding and eliminating security weaknesses.
House Government Reform Committee chairman Tom Davis, R.-Va., says many departments still don't take information security seriously. "Clearly," he said, "our goal of making computer security a constant management focus has not been met."
The report can be found at the Web site of the House Government Reform Subcommittee on Technology Information Policy, Intergovernmental Relations, and the Census.
Smaller government is better government.
That's for freaking sure. Now remember folks, that huge, unprecedented blackout in the NE some weeks ago? Keep telling yourself it was TREES that did it. Oh, yes, and the islamaterrorists have terrible computer skills. Keep repeating until you feel safe. That is all.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.