Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Feds Flunk Security

    By
    Caron Carlson
    -
    December 9, 2002
    Share
    Facebook
    Twitter
    Linkedin

      For the second year running, the federal government has flunked Computer Security 101. The 24 major agencies of the U.S. government performed so poorly this year that lawmakers charged with overseeing government efficiency said they want to tie agencies funding to network security procedures and force them to buy software only from a list of qualified products.

      Despite the redoubled attention to security since the terrorist attacks of Sept. 11, 2001, 14 of 24 federal agencies flunked in their efforts to improve network safety, according to the Computer Security Report Card, released last month by the House Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations. This fall, the subcommittee concluded that every major agency in the federal government houses significant network security weaknesses.

      Perhaps most worrisome, some agencies—including some that conduct highly confidential activity—fared even worse than they did a year ago.

      The Department of State bottomed out with an F after receiving a D-plus last year. NASAs score fell to a D-plus from a C-minus, but NASA officials view their network security as on the rise.

      “From our point of view, NASA has improved its focus on IT programs over the last year,” said Paul Shawcross, executive officer in NASAs inspector generals office, in Washington. “I get the feeling the grade standards have been increasing. Weve seen an improvement in attitude.”

      Government officials also said network security can be measured in different ways, and the subcommittees measurements are not necessarily consistent with other government measurements.

      Earlier this fall, the U.S. General Services Administration held up NASA as a model for other federal agencies to follow in their efforts to reduce computer attacks.

      NASAs 10 centers collaborated to identify the most exploited network weaknesses and then used the same scanning tools on 80,000 computer systems.

      Federal Agencies: SECURITY REPORT CARD

      • Nuclear Regulatory Commission C
        (2001 grade: F)
      • Department of Defense F
        (2001 grade: F)
      • Department of State F
        (2001 grade: D+)
      • NASA D+
        (2001 grade: C-)
      • Department of Justice F
        (2001 grade: F)
      • Social Security Administration B-
        (2001 grade: C+)
      • Department of Energy F
        (2001 grade: F)

      At a GSA forum in October, security officials said approximately one in 200 attacks penetrates NASAs systems, down from approximately one in 10 when the collaborative effort began in early 2000.

      The subcommittees report card is based on numerous criteria, including employee training, access controls, incident reporting procedures, system software, mechanisms to ensure the security of contractor services and the use of performance measures, among other things. The data comes from reports that the agencies send to the White Houses Office of Management and Budget and audits conducted by inspectors general and the General Accounting Office.

      Demonstrating the paradox of trying to promote improved security via public disclosure, the subcommittee declined to release detailed evaluations of each agency.

      “With computer security, it is not necessarily in the best interest of everybody to identify specific problems,” an aide on the subcommittee said. “The agencies know, and they are the people who need to get going on this.”

      The Social Security Administration made the highest grade this year, rising to a B-minus from last years C-plus. “The Social Security Administration continues to be a shining example of sound leadership and focused attention toward solving this important problem,” said the subcommittee chairman, Stephen Horn, R-Calif., upon disclosing the grades.

      The Nuclear Regulatory Commission earned the third-highest grade this year with a C, which does not appear remarkable until viewed in comparison with last years failing grade.

      In addition to tying funding to computer security, the government should set minimum security standards for commercial off-the-shelf software purchased by federal agencies, the subcommittee recommended in the report “Making Federal Computers Secure: Overseeing Effective Information Security Management.”

      The panel suggested that agencies be given a list of qualified software products, based on tests by developers or by an independent government agency, such as the National Institute of Standards and Technology or the National Security Agency. “The current practice of releasing software without adequate security testing and then developing patches to fix vulnerabilities creates an untenable burden on government systems administrators,” the subcommittee said in the report.

      Lawmakers noted that the OMB began using funding to try to improve computer security last year. OMB, which is requiring agencies to identify weaknesses and submit plans for addressing them, intends to end funding for IT projects that dont include security requirements.

      In the past year, there have been significant attacks on computers at the White House, Pentagon and Department of the Treasury, among other agencies. Lawmakers advised senior managers to pay more attention to network security and promote better education within the ranks. They also suggested that all departments implement performance measures and integrate security into budget planning.

      Horn plans to retire at the end of this congressional session. It remains unknown whether there will be a Computer Security Report Card next year.

      Caron Carlson
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×