Q&A: Rep. Davis on latest federal IT security report card

Perform or face new mandates, he warns agencies

By Jaikumar Vijayan

February 24, 2005 12:00 PM ET

Computerworld - House Government Reform Committee Chairman Tom Davis (R-Va.) last week released the 2004 federal government computer security scorecard, which gave federal agencies an overall D+ average (see story). Several agencies, including the Department of Homeland Security and the Department of Energy, scored F's for the second year running. Others, such as the Department of Transportation, showed big improvements.
In this interview with Computerworld, Davis talked about the government's performance on the score card and warned that more mandates could be on the way if federal agencies don't fix their security issues soon.
What are your conclusions about the overall performance of government agencies? I think it is improving, but it's not improving fast enough at this point. The overall agency scores rose by 2.5 points, but they still scored a D+. We just need to continue to give this focus, and hopefully we won't have some kind of cyberattack or cyber-Pearl Harbor. We have to be inspired by that to try and stay ahead of the curve.
Why are some agencies faring so well while others appear to be struggling? Leadership. It's about leadership. It basically goes to the CIO and the agency heads and their ability to coordinate on this. They have to get this focused. They need to get a plan, [and] they need to execute on it. Some agencies have put the resources into it, and others haven't. We have independently verified these scores. Some have still a long way to go.
What's the incentive to improve when there are no funding or other repercussions for bad grades? I don't know if you want to punish people by withholding funding. That makes it even tougher for them to meet their goals. But I think there may be an embarrassment factor. If you want to have career advancement and you come off an agency that has got a bad FISMA [Federal Information Security Management Act] grade, it probably isn't going to help you move to the next level. I think this is part of the evaluation process. Eventually, I think there will be a funding attachment. These score cards are fairly new, and we are trying to get an appropriations buy-in.

Many of the recommended security controls for federal agencies will become mandated requirements by the end of this year. What impact will that have on the score cards next year. Mandates are better than suggestions, unfortunately. You hate to get to the point where you have to mandate things that need to get done. But I think

Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Additional Resources

POLL RESULTS

Leading IT Pros Weigh In on Top IT Issues

Accelerate your knowledge of the IT world you inhabit by viewing the results of a series of polls taken by your IT peers. These polls of 100+ IT professionals each are available for full viewing. They cover key topics such as virtualization, processor performance, green IT, cloud computing and many others. Be a part of the buzz.

WHITE PAPER

For Best Results, Think Beyond the Box

Technology is complex. Keeping it running productively shouldn't be. To that end, you want to minimize the number of solutions needed in-house to simplify operations, maintenance, and support. Kodak offers a best-practices model. One company provides support for both scanner and software, for fast problem resolution without vendor finger-pointing. Download now!

WHITE PAPER

Accelerating the Path to Demand Intelligence with a Demand Signal Repository

Utilizing demand intelligence improves the precision of pricing, product assortments, channel/store placement, and promotion, which are all essential for sustainable revenue management performance. Learn more, download this free whitepaper today.

White Papers & Webcasts

Centralized Data Backup and Your WAN
Is your organization prepared to tackle the massive challenge of protecting your data in a cost effective and timely manner? With a growing...

Why Compliance Pays
This OnDemand webcast explores the relationship that firms with best compliance records have higher revenue, greater customer retention, lower financial losses from data...

An All-in-One Approach to Web Security
Granting web access to employees poses challenges to IT administrators and introduces unique security risks. Even as companies have perfected their security techniques...

Best Practices for Managing Business Risks from the Use of IT
(Source: Symantec) Based on exhaustive benchmarks conducted by the IT Policy Compliance, this session highlights the relationship between business risks and use of...

The Hidden Dangers of Spam
Beyond the well-understood productivity drain that spam inflicts on businesses, threats posed by illicit email circulating through a network are causing many security...

Managing And Protecting Your Ever Increasing Mobile Assets
(Source: Absolute Software) Your users are becoming more mobile each day. This is great for productivity - yet challenging for IT control. Natalie...

Open Source Security Myths Dispelled
(Source: Astaro) Open Source Software is computer software whose source code is available to the general public. This openly viewable nature...

Sun OpenSSO Enterprise Webinar
(Source: Sun) This webinar replay discusses Sun OpenSSO Enterprise innovation--the single, open-source solution that helps your business solve the challenges around internal access...

Best Practices for Backing Up VMware® with Veritas NetBackup™
VMware® is used by enterprises large and small to increase the efficiency and cost-effectiveness of their IT operations. With this in mind, Symantec...

Agile Enterprise Content Management (ECM) for Rapid ROI
(Source: IBM) Content rich business processes are a core feature of daily operations at just about any organization today. Very often these essential...

All White Papers | All Webcasts