U.S. agencies earn overall grade of D for computer security
The Department of Homeland Security, however, got an F
Computerworld - For the fourth year in a row, most federal agencies have received low grades for failing to protect their computer networks from hackers and other cyberterrorists, according to a computer security report card issued today by the House Government Reform Subcommittee on Technology. The subcommittee released its report today.
The Department of Homeland Security was one of eight agencies that received a grade of F for its network security efforts. In 2002, 13 agencies received a failing grade.
DHS officials couldn't be reached for comment this afternoon.
The U.S. Department of Justice, as well as the departments of Energy, Health and Human Services, Interior, Agriculture, Housing and Urban Development, and State also received failing grades. On the other end of the scale, two agencies received an A or A- score: the Nuclear Regulatory Commission and the National Science Foundation. The Social Security Administration received a B+, and the Department of Labor got a B.
The report card graded agencies on their progress in complying with the Federal Information Security Act of 2002, which requires federal agencies to submit data on their computer security programs to the Office of Management and Budget every September.
"Obviously, the fact that the federal government has moved from an overall score of F to D and 14 agencies showed improvement in their scores is a positive sign," said Bob Dix, the subcommittee's staff director. "However, Chairman [Adam] Putnam is still disappointed that there is not more progress being made, faster."
Dix said the fact that there are still eight agencies with failing grades is troubling to Putnam, who believes the issue hasn't been given the priority it deserves.
"While some of the agencies provided evidence of strong support by virtue of the strong scores they got, others continue to have failing grades, which is evidence that they haven't given the proper attention to this issue," Dix said.
He said that Putnam (R.-Fla.) is convinced that the federal government needs to be a leader in cybersecurity issues and needs to set the standard for the private sector. "We are just not doing enough to achieve the results that we must achieve," Dix said.
But Rich Caliari, directory of product strategy at Harris Corp.'s STAT network security unit in Melbourne, Fla., said there was a lot of positive movement from 2002 to this year. He said some of the agencies that earned low grades have recently purchased technologies designed to help them improve their network security.
"For most departments, this will be a three- to five-year project," Caliari said.
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts