U.S. agencies earn overall grade of D for computer security
The Department of Homeland Security, however, got an F
Computerworld - For the fourth year in a row, most federal agencies have received low grades for failing to protect their computer networks from hackers and other cyberterrorists, according to a computer security report card issued today by the House Government Reform Subcommittee on Technology. The subcommittee released its report today.
The Department of Homeland Security was one of eight agencies that received a grade of F for its network security efforts. In 2002, 13 agencies received a failing grade.
DHS officials couldn't be reached for comment this afternoon.
The U.S. Department of Justice, as well as the departments of Energy, Health and Human Services, Interior, Agriculture, Housing and Urban Development, and State also received failing grades. On the other end of the scale, two agencies received an A or A- score: the Nuclear Regulatory Commission and the National Science Foundation. The Social Security Administration received a B+, and the Department of Labor got a B.
The report card graded agencies on their progress in complying with the Federal Information Security Act of 2002, which requires federal agencies to submit data on their computer security programs to the Office of Management and Budget every September.
"Obviously, the fact that the federal government has moved from an overall score of F to D and 14 agencies showed improvement in their scores is a positive sign," said Bob Dix, the subcommittee's staff director. "However, Chairman [Adam] Putnam is still disappointed that there is not more progress being made, faster."
Dix said the fact that there are still eight agencies with failing grades is troubling to Putnam, who believes the issue hasn't been given the priority it deserves.
"While some of the agencies provided evidence of strong support by virtue of the strong scores they got, others continue to have failing grades, which is evidence that they haven't given the proper attention to this issue," Dix said.
He said that Putnam (R.-Fla.) is convinced that the federal government needs to be a leader in cybersecurity issues and needs to set the standard for the private sector. "We are just not doing enough to achieve the results that we must achieve," Dix said.
But Rich Caliari, directory of product strategy at Harris Corp.'s STAT network security unit in Melbourne, Fla., said there was a lot of positive movement from 2002 to this year. He said some of the agencies that earned low grades have recently purchased technologies designed to help them improve their network security.
"For most departments, this will be a three- to five-year project," Caliari said.
Read more about Security in Computerworld's Security Topic Center.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!