Not open for further replies.
1 - 4 of 4 Posts

· Premium Member
1,615 Posts
Discussion Starter · #1 ·
The U.S. government has earned failing marks for computer security for the second year in a row, according to a report released today by a congressional oversight committee.

Nearly two-thirds of the federal government's 24 major agencies flunked the General Accounting Office's (GAO) latest "computer security report card," according to a House Government Reform subcommittee. The Departments of Justice, Defense, Energy and Treasury earned flunking grades, with the Department of Transportation earning the lowest score.

The Social Security Administration won the highest mark, with a "B minus." The National Science Foundation scored a "D minus" and NASA scored a "D plus."

"I am disheartened to announce that again this year the government has earned an overall grade of 'F' for its computer security efforts," said Rep. Stephen Horn (R-Calif.), chairman of the House Government Reform subcommittee on government efficiency, financial management and intergovernmental relations. "Sept. 11 taught us that we must be prepared for attack. We cannot allow government operations to be compromised or crippled because we failed to heed that lesson."

The grades were based on data the agencies gave to the White House Office of Management and Budget as required under a law passed two years ago.

Congressional investigators from the GAO used the information to determine whether agencies met network security standards, such as limiting access to privileged data and eliminating easily-guessed passwords.

The GAO noted marginal improvement in computer security at a few agencies, but said all 24 agencies continue to have "significant information security weaknesses that place a broad array of federal operations and assets at risk of fraud, misuse, and disruption."

The GAO based its assessment on the results of penetration testing and assessments of how well agencies met standard network security measures, such as limiting access to privileged data and eliminating easily-guessed passwords.

In February, the GAO reported that the Internal Revenue Service (IRS) failed to restrict access to sensitive computers on its network and exposed confidential taxpayer information to the public.

GAO Information Security Director Robert Dacey said the finding of additional areas of weakness at some agencies does not necessarily mean that information security at federal agencies is getting worse, but may instead reflect a growing awareness of security holes.

Nevertheless, "the results leave no doubt that serious, pervasive weaknesses persist," Dacey said in the GAO report.

Alan Paller, research director for the SANS Institute, a nonprofit security consortium based in Bethesda, Md., said the GAO's annual review process reinforces the wrong behavior.

"There is a huge amount of money being spent on consultants for these thick, agency-specific reports. But the fact that these scores aren't getting better shows that while the law has impacted the reporting process, it hasn't really affected security," Paller said. "This simply measures how well agencies write reports - not the actual security of their systems."

Here is a list of what grades the GAO assigned to the agencies:

B minus: Social Security Administration

C plus: Labor Dept.

C: Nuclear Regulatory Commission

D plus: Commerce Dept., NASA

D: Education Dept., General Services Administration

D minus: Environmental Protection Agency, National Science Foundation, Dept. of Health and Human Services

F: Justice Dept., State Dept., U.S. Agency for International Development, Office of Personnel Management, Veterans' Administration, Dept. of Housing and Urban Development, the Small Business Administration, the Treasury Dept., Energy Dept., Defense Dept., Interior Dept., Agriculture Dept., the Federal Emergency Management Agency, Transportation Dept.

· hey
10,244 Posts
Only the second year in a row? I don't see the government keeping people unless they pay them well. Then again, for some reason most places can't keep anyone around for a few years anymore. Employers just don't seem to care anymore.