Federal Agencies Get Poor Grades for Security
But CIOs blast report methodology, value
Computerworld - Washington
A congressional subcommittee investigating the ability of federal agencies to protect computer systems from terrorists and hackers last week released its first report card on government information security practices, handing out Fs and Ds to about half of the group.
The results were "very dismal," said Rep. Stephen Horn (R-Calif.), chairman of the Subcommittee on Government Management, Information and Technology. "There is no room for complacency, for the stakes are simply too high."
The report card put federal CIOs, as well as the White House, on the defensive at a subcommittee hearing. No federal agency received an A, and the overall grade for the largest federal agencies and departments was D-.
In response, John Spotila, an administrator at the White House Office of Management and Budget, questioned the committee's grading methodology, the report card's value and its implied conclusion that government systems are sitting ducks for hackers.
"I think the reality is that the agencies have worked very hard to protect the confidentiality of information," said Spotila, who asked how an overall grade could be applied to the federal government's 26,000 separate systems. "What does that tell you about how well the most important things are being done, which systems are done well [and] which systems are not?"
But the General Accounting Office (GAO), the investigative arm of Congress, backed up the subcommittee's findings. "The risks are very high and the breadth of the potential impact very wide," said Joel Willemssen, who heads the GAO's information systems division and testified at last week's hearing.
"Federal CIOs are not asleep at the wheel," said John Gilligan, CIO at the Department of Energy. Gilligan defended the efforts of federal agency information technology leaders to improve security. He also faulted a lack of funding and oversight for governmentwide security programs.
The grades were based on a 29-question survey sent to 54 federal departments and agencies. The questions covered six broad areas, including security planning, the protection of software and systems from unauthorized access and the ability to continue operations in the event of disruptions. The GAO audited the results and released a report claiming that federal agencies have "serious and widespread" security weaknesses.
The departments and agencies that flunked included the Small Business Administration and the departments of Agriculture, Justice, Labor, Interior and Health and Human Services. The Social Security Administration had the group's highest score, attaining a B.
Federal CIOs said improvements will take money. "The reality is that until computer security is fully funded, it will remain much too vulnerable," said Ira Hobbs, deputy CIO at the Department of Agriculture.