Federal Agencies Get Poor Grades for Security
But CIOs blast report methodology, value
Computerworld - Washington
A congressional subcommittee investigating the ability of federal agencies to protect computer systems from terrorists and hackers last week released its first report card on government information security practices, handing out Fs and Ds to about half of the group.
The results were "very dismal," said Rep. Stephen Horn (R-Calif.), chairman of the Subcommittee on Government Management, Information and Technology. "There is no room for complacency, for the stakes are simply too high."
The report card put federal CIOs, as well as the White House, on the defensive at a subcommittee hearing. No federal agency received an A, and the overall grade for the largest federal agencies and departments was D-.
In response, John Spotila, an administrator at the White House Office of Management and Budget, questioned the committee's grading methodology, the report card's value and its implied conclusion that government systems are sitting ducks for hackers.
"I think the reality is that the agencies have worked very hard to protect the confidentiality of information," said Spotila, who asked how an overall grade could be applied to the federal government's 26,000 separate systems. "What does that tell you about how well the most important things are being done, which systems are done well [and] which systems are not?"
But the General Accounting Office (GAO), the investigative arm of Congress, backed up the subcommittee's findings. "The risks are very high and the breadth of the potential impact very wide," said Joel Willemssen, who heads the GAO's information systems division and testified at last week's hearing.
"Federal CIOs are not asleep at the wheel," said John Gilligan, CIO at the Department of Energy. Gilligan defended the efforts of federal agency information technology leaders to improve security. He also faulted a lack of funding and oversight for governmentwide security programs.
The grades were based on a 29-question survey sent to 54 federal departments and agencies. The questions covered six broad areas, including security planning, the protection of software and systems from unauthorized access and the ability to continue operations in the event of disruptions. The GAO audited the results and released a report claiming that federal agencies have "serious and widespread" security weaknesses.
The departments and agencies that flunked included the Small Business Administration and the departments of Agriculture, Justice, Labor, Interior and Health and Human Services. The Social Security Administration had the group's highest score, attaining a B.
Federal CIOs said improvements will take money. "The reality is that until computer security is fully funded, it will remain much too vulnerable," said Ira Hobbs, deputy CIO at the Department of Agriculture.