http://story.news.yahoo.com/news?tmp...ntwork&e=3
Technology - USATODAY.com
Computer (in)security: good enough for government work
Wed Feb 23, 9:41 AM ET
Who you are going to call when it comes to computer security? Not the federal government, according to grades given to the largest agencies and departments under the Federal Information Security Management Act (FISMA). Indeed, the government-wide grade was a D+ for 2004.
_The following departments received a resounding F for 2004 computer security: Commerce, Veterans Affairs, Agriculture, Health and Human Services (news - web sites), Energy, Housing and Urban Development and Homeland Security (ironic, no?). Of this group, Veterans Affairs fell from the C it earned in 2003, and Commerce dropped from its 2003 C-minus.
NASA (news - web sites) and the Small Business Administration earned D-minus grades for 2004. The latter fell from its 2003 C-minus, while the former held steady from its 2003 D-minus score.
The Department of Defense (news - web sites) (are you feeling secure yet?) earned a D for 2004, as it did in 2003, and the Department of Treasury improved from its 2003 D to a 2004 D+, while the Department of State (comforting!) improved from its 2003 F to a 2004 D+.
The Office of Personnel Management earned a C-minus, the Department of Education (news - web sites) merited a C, and the General Services Administration, the National Science Foundation (news - web sites), and the Department of Interior received C+ grades. Of this group, the only real improvement goes to the Department of Interior, which climbed from its 2003 F. Strikingly, the National Science Foundation fell from its 2003 A-minus.
The Department of Labor and the Department of Justice (news - web sites) received B-minus grades for 2004, which was a strong improvement from the latter’s 2003 F grade, whereas the former had a higher grade in 2003.
The Social Security Administration (news - web sites) and the Environmental Protection Agency (news - web sites) earned B grades for 2004, which was a decline for the latter but an improvement for the former from 2003.
The Nuclear Regulatory Commission received a B+ grade for 2004, which sounds good. However, it received an A in 2003.
The Department of Transportation was a bright spot, receiving an A-minus grade for 2004, up from a D+ grade in 2003. Likewise, the Agency for International Development earned an A+ grade in 2004, much improved over its C-minus 2003 grade.
Plainly, these grades are in the main unacceptable. The failures in federal computer security must be identified and appropriate resources should be dedicated to create true government computer security. This, obviously, is one area where money can be spent at home to help our security.
Eric Sinrod is a partner in the San Francisco office of Duane Morris (
www.duanemorris.com), where he focuses on litigation matters of various types, including information technology disputes. His column appears Wednesdays at USATODAY.com. His Web site is
www.sinrodlaw.com, and he can be reached at
ejsinrod@duanemorris.com. To receive a weekly e-mail link to Mr. Sinrod's columns, please send an e-mail with the word Subscribe in the Subject line to
ejsinrod@duanemorris.com.
Top
