16 U.S. agencies flunk computer security review

IDG News Service - In a scathing report released Friday, the U.S. congressional Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations flunked 16 federal agencies on their computer security efforts, while giving barely passing grades to a host of other agencies.

"It is disappointing to announce that the federal government has received a failing grade on its security efforts," Subcommittee Chairman Rep. Stephen Horn (R-Calif.) said in his opening remarks upon presenting the annual computer security report card.

The subcommittee began grading 24 major executive branch departments of the U.S. government last year after Congress passed the Government Information Security Reform Act, which requires federal agencies to establish agencywide computer security programs that protect the systems that support their missions.

Critical agencies such as the Department of Defense, Department of Transportation, Department of Health and Human Services, and Department of Energy, as well as the Nuclear Regulatory Commission, all received "F's," a failing grade.

The dismal report card comes at a particularly sensitive time, when the U.S. is at war in Afghanistan and facing terrorism threats at home, making the protection of sensitive government information all the more crucial.

"All of us in Congress are well aware that the nation is in a state of war," said Horn. "It is not anyone's intention to place this great land at further risk of attack. It is, however, very important that the new administration take heed of the sobering assessment the subcommittee is providing and work to expeditiously address this most important need."

Other agencies that were handed a failing grade included the Department of Justice, Department of Treasury, Department of the Interior and the Department of Education.

Meanwhile, a handful of other agencies slipped by with a "D," which is passing, but barely so. Those included the Federal Emergency Management Agency, the General Services Administration and the Department of State.

The National Aeronautics and Space Administration scored a "C-minus" -- slightly below average -- while the National Science Foundation merited the highest grade of the group, scoring a "B-plus." An "A" would have been the highest score, but none were given out.

The ratings were determined by security audits and evaluations performed by agency inspectors general since July of last year using standards set by the Office of Management and Budget.

"Without proper protection, the vast amount of sensitive information stored on government computers could be compromised and the systems themselves subject to malicious attacks," Horn warned. "As the recent spate of computer viruses and worms have shown, cyberattacks have the potential to cause