Federal Agencies Get Poor Grades for Security
But CIOs blast report methodology, value
Computerworld - Washington
A congressional subcommittee investigating the ability of federal agencies to protect computer systems from terrorists and hackers last week released its first report card on government information security practices, handing out Fs and Ds to about half of the group.
The results were "very dismal," said Rep. Stephen Horn (R-Calif.), chairman of the Subcommittee on Government Management, Information and Technology. "There is no room for complacency, for the stakes are simply too high."
The report card put federal CIOs, as well as the White House, on the defensive at a subcommittee hearing. No federal agency received an A, and the overall grade for the largest federal agencies and departments was D-.
In response, John Spotila, an administrator at the White House Office of Management and Budget, questioned the committee's grading methodology, the report card's value and its implied conclusion that government systems are sitting ducks for hackers.
"I think the reality is that the agencies have worked very hard to protect the confidentiality of information," said Spotila, who asked how an overall grade could be applied to the federal government's 26,000 separate systems. "What does that tell you about how well the most important things are being done, which systems are done well [and] which systems are not?"
But the General Accounting Office (GAO), the investigative arm of Congress, backed up the subcommittee's findings. "The risks are very high and the breadth of the potential impact very wide," said Joel Willemssen, who heads the GAO's information systems division and testified at last week's hearing.
"Federal CIOs are not asleep at the wheel," said John Gilligan, CIO at the Department of Energy. Gilligan defended the efforts of federal agency information technology leaders to improve security. He also faulted a lack of funding and oversight for governmentwide security programs.
The grades were based on a 29-question survey sent to 54 federal departments and agencies. The questions covered six broad areas, including security planning, the protection of software and systems from unauthorized access and the ability to continue operations in the event of disruptions. The GAO audited the results and released a report claiming that federal agencies have "serious and widespread" security weaknesses.
The departments and agencies that flunked included the Small Business Administration and the departments of Agriculture, Justice, Labor, Interior and Health and Human Services. The Social Security Administration had the group's highest score, attaining a B.
Federal CIOs said improvements will take money. "The reality is that until computer security is fully funded, it will remain much too vulnerable," said Ira Hobbs, deputy CIO at the Department of Agriculture.