Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Government Flunks IT Security



 By: Caron Carlson
2006-03-20
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
U.S. Protection agencies flounder on report card.

Key federal agencies are receiving low or failing grades on the security of their IT infrastructures, fueling criticism of the departments charged with keeping the nation safe.

In a report card issued March 16 by the U.S. House Committee on Government Reform, the government last year earned a D+. Both the Department of Homeland Security and the Department of Defense received an F, and the Department of Justice a D.

"The [security grades for the] agencies on the front line in the war on terror remained unacceptably low or dropped precipitously," said Rep. Tom Davis, R-Va., chairman of the House Committee on Government Reform, which reviewed the grades sent to Congress by the agencies.

Resource Library:

The ratings show how well agencies meet the mandates of the Federal Information Security Management Act, which sets forth security standards, as well as operational and reporting requirements. Committee members took the information officers of the DOD and DHS, in particular, to task for failing to show significant improvements.

"Whats happening with the two most strategic and sensitive agencies?" asked Rep. Diane Watson, D-Calif. "I dont feel comfortable that my homeland is secure."

Areas of greatest concern to policy-makers include inconsistent incident reporting and contingency-plan testing, as well as a lack of both specialized security training and configuration management policies, Davis said.

Some agencies improved: The Department of Labor, Environmental Protection Agency and Social Security Administration received an A+. The National Science Foundation earned an A, up from a C+, and the General Services Administration earned an A-, up from a C+.

Larger agencies face more complicated security challenges because they are often composed of semiautonomous bureaus with separate missions, funding and technologies, and vulnerabilities in one bureau can affect other parts of the department, said Gregory Wilshusen, director of information security issues at the Government Accountability Office, in Washington.

Industry observers widely agree that only greater accountability and commitment at the top will lead to improvement in the future. "In the commercial world, people get fined or go to jail when they dont comply. The feds dont seem to have the same motivation," said Chris Farrow, director for the Center for Policy & Compliance at Configuresoft, in Colorado Springs, Colo. Farrow added that many agencies are not lacking in funding or tools. "[DHS] has the largest budget out there. They got an F last year, and this year they failed again," Farrow said.

Theres concern that many of the agencies are focused on "studying for the test" rather than on long-term, sustainable security. "The question is, What does a B really mean?" asked Richard Tracy, chief technology officer of Telos, in Ashburn, Va. "Does it mean that someone just knows how to take the test now?"





  Reader Comments: Government Flunks IT Security
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Caron Carlson
 


x}ks㶲*Q3Co{lc-K3>*-EAc!)J6~bvKZc2;["h4AȹL{B.ܢd>56#ݟR>҈chGPQ~aF3,Ӹ4 HSKVUBX)ڑx>o#޷L{`TyÙ|k7~+eUvѻ]HQPw۷@ږVj0n{'Owq@α{A~$Vj}& D%\.fI&0h56ttXB^,9@FI?j|%R+ i٥zd$Y̮gfVҘ gUUj,ǝq%?[ڗu&u}Yf0ZhCA+t?c;Ӡzqsںy\7=rڽ&Iٙ{Άt4ڟm3H/k*}k!-z??,rG=jiTjVMusBr,Ndo/ !}O}nr2GrI/o"$̏Q5 tA#J 9"3NE ;- ujvf5Pko4f!`FܼNR49Vϡ蟩$Wm4@r-XSl؅ RMo4x M XRU>hI"E[fT}O%ތE<f aϨ>s>m;4}t>჎$>hƋMrinLMrӇtu4A.~{ݣn]?&tno7,Abχ#Q߭F#m|LR}b;>t9 HhQ0<sx0ܙ[3衟#]ӽ:?a= 0.Z- Be^~}¢81O>ȁ{0g`sDowiChnPB\jJdN˵K ] cRRP hI#r Bг1,`@o!``P􎄰R1iJlRi sg RTD;7 KŔ=*%nqR%a 934YIjL=?n1!UG,D`v9J,L.Y ϴ6jԭebQ9ҴZ hқMÄ%1@μs&,`b HK%\Ew,[t3Asq=7 Iϱ(Y`6Ê0ӊYsξS s>xFX~G7M- ݜ6,1%&B~mLhH,ioc Yu-SN`cܒn86̜07ÚL ~Dg詉m>`4fs)wdm˴o)T۪v39n(!+hWY 2cdRUyrt+[[3nR>Mr=&"ǰ@Q/0}ԙQ3BZsOsR| g:[6[K7˦EI8Jەa]jk-T8W7Bɶ/²xcP6B6Rkυ5ò =2P" Cx EZ҆TSs  XTM.R?>2ei;aՒhxK[ʸA6`AELl5KW)թw@4=".H{L-π|P9gs?棄YTpܩ4hQ*}a3)4&0Sӹbp=F˸>q,?XĞ-\FCZ\Saﴽ.JM.bd>n 'L[aHz{>8`Tfha86-b{;HySI_.)UIH~1:2.eX k;gOf3n/Ht]i%raHxHDSsHB$T2`LHǎ73] eQauewPyS3O`Dk 570M9CLKo39;ĢQ7Ϗ9(gdW%d)'HR-ʪZJ~~{ ߥ8pc}yw7zs4gRJo0t.tȕ`s|eLFմlxTa)Ry=F Zman5{3Mᗬ6{ 0v? j􍹏 8`w4 Ř)3%Jt( ֹB\U4UeԻ5ubH#C`JEWFlj瞏+ӥ ,ćφ]2>̌:k}]\WJZP+kiyEW‡v1eD!S#2z q[kh0h-f;Z;pLjg  欩h+sJbOW2EߙizrujFYTy3is{"s-_M>%X|'8MG9Fi$]|;P rfVȍZtNd_# M`}G ϓ1W5% lXDb+>A:+lnBs0X3f~Wk*ty{Wz&[wuvʭ ܱG􁯍C-oc d.ōfπïǖ mԚVNM&Vi Z;zGd!9 =!OR-4SK8n7=R.R 2=ct8i>tgc֏'*z)TʜYEo(QU-q'F.҄^Kbvv$MU"[ qe l&SbR/փ `A##g0k(G݉(~ (zC9km{~>RTS(.>JMP*jIIz, :*h7xџVPVW`Zd&s\%\{si0o)Q󩋗r3["X.DД7Ϩ3Rb  kQh-Bwyr`0W?4$NcVpDMc?ցh)03?0R#ٸUZS%봪I>NM= h˃QaߋCWuRԣo{{C4}3݀,+L)~3ḣ)usC\Դ"hw ĶRsG'D.pĵ) rA-ã,D(d0rYj+dP\xO+& oRٟ:sɖBz_K(4Ԉ xϰL' eVqc?3 co/>C(1@ E D@;n߱?% ?S-Ѝ)8gMX1BNJE])w7V4}ڽK͋C<4yu_u{~{y[;QAZrXi\/0C~:I˖Թho(/ [dzNR(I]2~̮WVs^0lg~hy# 8$+~{!\4w.ŗtOk~Rw.R1~J`' yyyru4+$yy|hq0)MF 0Sk 5^6Q"B@It[k,WZXKr!}&=CɢlGhN٦{k^+,k̚_6o$Ç*X AQ5 kNG:vZgp=6" BtX 1te}E/S)Q\(hY}ҽnr#Klo}AǯJN^v Z-[N7S+t,c?]ѯ8ʆ=?E]Nju>!4|㿜yAG$ !rFen1~xAZ~j_9Q;DZ3pu*l hw,0eROӭQ^''\/_z &+:{H:4u0❟'gH7$O9̴a}jwqC]hEUԒR#,ulAɛjSs7$Psl  J$Me".#]Fo>PY9|'Cq$܌eђX2j1 1Otҍ@8Nbt£" :2l`wV[M&G T gsikJSuL&gC1QSOKǔ`!aJzs׃Z Xit|r&aEUr X*tIڍ>j۲RuTMS:0J J O,’ʥpA, >j .y_}WS>;"x7vC% mt2Ѥު' 7:fH̿#Lz֗>֜’Dvp݊bЃJrU,o'"L#1ItcQZRj<JRS3xtp `@B&W7݃0A]RӚ9P̥.PޖuO_`?y5{h5wUm5n۲Av i`FJ`wLM8NM(,$,L:t*U*Z˘:aH!Jp*fϗ$MH)'e[<+ 9!]h֔WMj}?wC #c$X7 pH$9,k1!$66J9%2p7N0^͍͍͍͍ݨ%M+F{SYW)ej[`tԛV.`Fv F\jvҌ7F}wI 0x$Ǔl x[F&T2 (A'RW,9T'IBb ".s!luc[r‹Q? a9.Mώ7R2Ai^S˲4||'>|0Qp^h%_iHyDҵ߲4F淒J7}40K4ȁ(i5chI p_ q'x[2Su.) (:`>tZR &toȒv_{tZ_<Yӭqnl]uK.xWtJmdzD Pt\܊uXnz}fye:$z2iO}sK\yN A.t SdabZ_\iL2]ݴST{lBD%$O_Jam=h2{=,罿K]M`IIIIr?iAUjOfߟ;}??%~D]6O?.͢= L}q9h* a}0эODe/LUPRwt60NtP8ЛrxM $k 0a pd ?q_Qˎ7v|K0# Y'N:0qjhSf Όfnњ|.M%[Cl0P'G2#kEuiH/Osu}\ljzé).n/,[S#`+=trK;qȸץmĥ(^jpGTC,Pkdi]Yċ(uqѕȵtu҉0<}d  ێ/G*Dz'~/T"j\D@Kjs鳄w+A#샒=%hF!,qQ(Dsđ"?cu\]SS[Z¯[+W#rd! `,%7vya/`8(҈ǤPFpxAiLʃx3ZA=sj41!r>&ƘKjx[VQjz~zz_ZbiE.c 2uuWHk̘x/m4vlNz yԥ:BMIE;TBhx#-F5נRhs|d:k6j=!ɣ`58?Svn&.+m'hzBRKo^;G'ܬTMd n߮=<5<mQNa=DX*D [`2n&~iXs>H':t=jh DѤJd mYP)ϑVPJj\=rC;`4}yjUS*ZYQ#ڍiê'=vLJ\k0'|z`!g`zҧ%Ed#usK%XSuZ#8,6K&O?Fyb#>v"Afko)yg?V|}P.[˜zpWӸ Ǿ3&7Q;^;˰0޻K{IV^@96Yfln 90ڱJ R 9?SRmF 9vcD̋:Z s Fʒ2;MDWlfmmIU+ ַg%.04%Vf gۦ~ l\j:N#V¯mR9ʵVܞVk}Dž#J O`І0#ZNHx J;]~_!Ƅ'SO L%& J!47\CP |°o/>VHUGod}exxJ"6r[$mkcEutMx57+ SxC7)(ʁޒ߉i48~8l@ "s? I:N5~ȝ<"&s'ُpS;"΀௥oXV{+$νOg-<-SWld""@Ո^G_Ѿi? ?4;};ozxX2Lp@:XțEI9@_E9ùo;{ r`(u<~/a]ԁيX{χ\o|J"ķ |$rkqC9Ҍ?͇˞RS ƈ\faH9p=SѨ-/1Șh MQ HxD~1&v+!"#manǞ3#H 1Ř!b`.(^ô kfĄ9e;Y F> +&(?,q E {GLƙ;fQt_$R D^t]\UP*@J>S|??&~eKL)awSa/x{ L3L\ocYej xpƧx})lHGxdf,yǥ}-AG,G71=` ?%غ9PsNM˜p4ħyO\#4[E9yF(Q Q~ כO͌.w3ʑ[@V;O6}N3>?Bg\㬳5:r_'\fC;5>2?C<>v/2Y\d"?/?/2e2OP) 2(rˌ̐KˌBf.n~+x*k  {/>_?m.1>ArS~~2w7Y7{dwɹN2!(ofY NoT8\8_JeYW@a uyQ^ }VV<_`fkWt.rf_2 ̭L_:W'Vr]!,.5PUZk /YՈ ǸJuv^_A5KHe^ۛTCGP78%Y}MNJ 4tk 7b[yDYAI{R}tEI>tiDLw<_[nNJ>s\ȜHǣWidN@AD4{HO8ѭ<\z[G4YQ=PW].6ppSn$ 5` }&exvY^][j7m!ϋ9y}³2SwفGhߚD,x e%Hi_1\- ez!J1 =4c֭dK_c(wp EУĶGu]ŗ1 {7/ ^"_v3&mc(2)R1K1@e^*q0*j>d%Q<;ә_pot1R  {{[1g7ډe:GKcp&~G ? 3ΕB تGШsx uYg'4WBMxYum&>cӄ2k`9ao5RFXk;MAc>;ul>9+soN'6a`a?&na (OP"q}(!3qݨDAR(~hDw.FKxrHqpC>~EE`A]5N)tI`Q l ,MNM[ U|ٱsh(Ŭ‘ɶz SO~j^O(Co݊珸66x}҄&:bz:SAW (|x7r¾i«%o#u`g#~"3V[œA6n?d([|ӽނ4 ~_f%\!dW<l[ +"ۂ K-Ӭ>sV¥"UXJMX,8. tiQK-9Buz Ϸ;<v7sCk_2ҵe>vį-ǬyvJ^St 7tlmb @J\ DQTt `GYu`+r 8ǩc[mx uuke!.1:7˟]lׁQ#iȅ+`j7E]EtAgvC%zh.&Ա`=br8Lte4Q3|JKm)胋Ƚgz^4}jsXC`Q_E@G7dyUĔfٵU鑛CCĚBJ>eS1C'@n0\|7H d9[\O^مu3\j/YH~> \99.@OI"cXM1}aE|@'W.rW?aMd|^k/oYi/6/:yH%Dn`gg^vXvQJe