Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Feds Flunk Security

    By
    Caron Carlson
    -
    December 9, 2002
    Share
    Facebook
    Twitter
    Linkedin

      For the second year running, the federal government has flunked Computer Security 101. The 24 major agencies of the U.S. government performed so poorly this year that lawmakers charged with overseeing government efficiency said they want to tie agencies funding to network security procedures and force them to buy software only from a list of qualified products.

      Despite the redoubled attention to security since the terrorist attacks of Sept. 11, 2001, 14 of 24 federal agencies flunked in their efforts to improve network safety, according to the Computer Security Report Card, released last month by the House Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations. This fall, the subcommittee concluded that every major agency in the federal government houses significant network security weaknesses.

      Perhaps most worrisome, some agencies—including some that conduct highly confidential activity—fared even worse than they did a year ago.

      The Department of State bottomed out with an F after receiving a D-plus last year. NASAs score fell to a D-plus from a C-minus, but NASA officials view their network security as on the rise.

      “From our point of view, NASA has improved its focus on IT programs over the last year,” said Paul Shawcross, executive officer in NASAs inspector generals office, in Washington. “I get the feeling the grade standards have been increasing. Weve seen an improvement in attitude.”

      Government officials also said network security can be measured in different ways, and the subcommittees measurements are not necessarily consistent with other government measurements.

      Earlier this fall, the U.S. General Services Administration held up NASA as a model for other federal agencies to follow in their efforts to reduce computer attacks.

      NASAs 10 centers collaborated to identify the most exploited network weaknesses and then used the same scanning tools on 80,000 computer systems.

      Federal Agencies: SECURITY REPORT CARD

      • Nuclear Regulatory Commission C
        (2001 grade: F)
      • Department of Defense F
        (2001 grade: F)
      • Department of State F
        (2001 grade: D+)
      • NASA D+
        (2001 grade: C-)
      • Department of Justice F
        (2001 grade: F)
      • Social Security Administration B-
        (2001 grade: C+)
      • Department of Energy F
        (2001 grade: F)

      At a GSA forum in October, security officials said approximately one in 200 attacks penetrates NASAs systems, down from approximately one in 10 when the collaborative effort began in early 2000.

      The subcommittees report card is based on numerous criteria, including employee training, access controls, incident reporting procedures, system software, mechanisms to ensure the security of contractor services and the use of performance measures, among other things. The data comes from reports that the agencies send to the White Houses Office of Management and Budget and audits conducted by inspectors general and the General Accounting Office.

      Demonstrating the paradox of trying to promote improved security via public disclosure, the subcommittee declined to release detailed evaluations of each agency.

      “With computer security, it is not necessarily in the best interest of everybody to identify specific problems,” an aide on the subcommittee said. “The agencies know, and they are the people who need to get going on this.”

      The Social Security Administration made the highest grade this year, rising to a B-minus from last years C-plus. “The Social Security Administration continues to be a shining example of sound leadership and focused attention toward solving this important problem,” said the subcommittee chairman, Stephen Horn, R-Calif., upon disclosing the grades.

      The Nuclear Regulatory Commission earned the third-highest grade this year with a C, which does not appear remarkable until viewed in comparison with last years failing grade.

      In addition to tying funding to computer security, the government should set minimum security standards for commercial off-the-shelf software purchased by federal agencies, the subcommittee recommended in the report “Making Federal Computers Secure: Overseeing Effective Information Security Management.”

      The panel suggested that agencies be given a list of qualified software products, based on tests by developers or by an independent government agency, such as the National Institute of Standards and Technology or the National Security Agency. “The current practice of releasing software without adequate security testing and then developing patches to fix vulnerabilities creates an untenable burden on government systems administrators,” the subcommittee said in the report.

      Lawmakers noted that the OMB began using funding to try to improve computer security last year. OMB, which is requiring agencies to identify weaknesses and submit plans for addressing them, intends to end funding for IT projects that dont include security requirements.

      In the past year, there have been significant attacks on computers at the White House, Pentagon and Department of the Treasury, among other agencies. Lawmakers advised senior managers to pay more attention to network security and promote better education within the ranks. They also suggested that all departments implement performance measures and integrate security into budget planning.

      Horn plans to retire at the end of this congressional session. It remains unknown whether there will be a Computer Security Report Card next year.

      Avatar
      Caron Carlson

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×