U.S. agencies earn D-plus on computer security
An AP story posted on SecurityFocus confirms the generally dismal
state of cybersecurity in the US government. The report on the
Department of Homeland Security is particularly disheartening.
"The overall security of computer systems inside the largest U.S.
government agencies improved marginally since last year but still
merits only a D-plus on the latest progress report from Congress. The
departments of Transportation, Justice and the Interior made
remarkable improvements, according to the rankings, which were
compiled by the House Government Reform Committee and based on reports
from each agency's inspector general. But seven of the 24 largest
agencies received failing grades, including the departments of Energy
and Homeland Security. The Homeland Security Department encompasses
dozens of agencies and offices previously elsewhere in government but
also includes the National Cyber Security Division, responsible for
improving the security of the country's computer networks."
More from the Washington Post story by Brian Krebs:
"Committee Chairman Tom Davis (R-Va.) ... chided agencies for not
moving fast enough. 'I hope it won't take some kind of major
cyber-attack to wake everybody up,' Davis said."
"For years, lawmakers in Congress have warned federal agency leaders
that they would slash funding for technology projects that fail to
meet basic computer security requirements. But despite such threats,
agency funding has remained unaffected by high or low grades on the
computer security report cards, according federal security officers
... 'If there are no incentives for agencies to comply with FISMA
requirements, what is the point?', said Richard P. Tracy, chief
security officer for Telos."
No comments:
Post a Comment