
Gov't Earns 'C' on Computer Security Report Card

The federal government earned an overall grade of "C" for securing its computer systems and networks from cyber attack last year, a slight improvement from the "C-minus" mark the government was given in 2006.

The report cards were issued today by Rep. Tom Davis of Virginia, the ranking Republican on the House Committee on Oversight and Government Reform.

Nine agencies earned failing grades for 2007, including the departments of Agriculture, Commerce, Defense, Interior, Labor, Transportation, Treasury and Veterans Affairs, as well as the Nuclear Regulatory Commission. The grades are based on data submitted by the agencies and agency inspectors general to the White House for fiscal year 2007.

Eight agencies earned "A" grades, including the Department of Justice, the Agency for International Development, Environmental Protection Agency, National Science Foundation, Social Security Administration, Housing and Urban Development, Office of Personnel Management and the General Services Administration.
However, the committee noted that the "A's" awarded to HUD and Justice were given with "low confidence because of weaker audit results."

The Department of Homeland Security was among a handful of agencies that showed marked improvement in meeting federal information security standards, raising its mark from a "D" in 2006 to a "B" last year.

The House committee said agencies were rated on their annual tests of information security, their plans of action and milestones or corrective-action plans, whether they certify and accredit their systems as secure, how well they manage the configuration of their computers to ensure security, how they detect and react to breaches, their training programs and the accuracy of their inventories.

By Brian Krebs  |  May 20, 2008; 2:41 PM ET
Categories:  From the Bunker , U.S. Government  

Comments

Why declassify this sort of information? Why not just hang a target on a few government agencies, while we're at it? I'm for posting the A grades but the low ones...not so much. Security through obscurity is not a substitute for security, but it IS an element and any "grader" who fails to realize that deserves an F himself.

Posted by: Eponymous | May 21, 2008 11:36 AM | Report abuse

How about this perspective. We post "grades" saying certain departments are very secure and protected, and others (like DHS) as barely making the grade. Now that we have defined "the low hanging fruit" for would-be attackers we can sit back and watch them foolishly take these "grades" as truly indicative of a system's state of security and make a run at (drum roll please) the DHS. Then they just sit back and read the logs, compile a list of IPs, and add to their ever-growing list of systems and people to track, monitor, and tap.

Posted by: Charles Decker | May 21, 2008 2:50 PM | Report abuse

Is Security really secure? I don't think so

Britec - http://www.britec.org.uk
http://www.britec.co.uk

Posted by: Brian | May 22, 2008 3:57 PM | Report abuse

These grades mainly report on how well each organization handles the FISMA reporting process, not how secure their system and networks are. It's almost entirely a self-assessment, vetted by their own Inspectors General. Not their fault: like No Child Left Behind, it's a cookie cutter from the top, measuring conformity, not performance. Alas, if only the government wasn't run by the government, what it could do ...

Posted by: Ten Thumbs | May 24, 2008 6:11 AM | Report abuse

The comments to this entry are closed.

 
 

© 2010 The Washington Post Company