[ISN] Feds get a 'D' in computer security

From: InfoSec News (isn@private)
Date: Thu Dec 11 2003 - 01:08:00 PST

    http://news.com.com/2100-7355_3-5118344.html
    
    [Interesting story when you consider that Amit Yoran rated the 
    government handling of the ``Livewire'' exercise in October a B+
    http://www.guardian.co.uk/uslatest/story/0,1282,-3427322,00.html  - WK] 
    
    
    By Robert Lemos 
    Staff Writer, CNET News.com
    December 9, 2003
    
    U.S. federal departments and agencies are showing some improvement in 
    protecting their computer networks, but many--including the Department 
    of Homeland Security--are failing, according to a government report 
    released Tuesday. 
    
    The report, prepared for the House of Representatives' Committee on 
    Government Reform, found that almost all agencies improved their 
    computer-security grade since last year. However, several key federal 
    departments continued to fail to adequately protect their networks and 
    earned an "F." 
    
    "For too long now information security has taken a back seat in the 
    collective conscience (sic) of our nation," said a statement from Rep. 
    Tom Davis, R-Va., the committee chairman. "We must come to the stark 
    realization that a major Achilles heel is our computer networks." 
    
    Overall, the government earned a "D" on this year's report card. In 
    2002, it was given an "F."
    
    Two agencies, the Department of Health and Human Services and the 
    National Aeronautics and Space Administration, slipped in the rankings 
    since 2002. The newest department in the federal government, the 
    Department of Homeland Security, got off to a bad start with an 
    overall "F" for its computer security, despite the fact that securing 
    the nation's network is part of its mission. 
    
    Davis took the private sector to task for poor security overall as 
    well. 
    
    "The culture of our top-level CEOs in the private sector, and top 
    executives in government, must be changed," he said in the statement. 
    "We must get those at the very top, the decision makers, the ones 
    accountable to the shareholders, the customers or the electorate, to 
    recognize that lack of network security in an organization is a 
    material weakness and one that deserves necessary resources and 
    immediate action." 
    
    This year, two agencies earned an "A": The Nuclear Regulatory 
    Commission and the National Science Foundation. Ironically, a 
    privately maintained nuclear reactor under the NRC's jurisdiction 
    suffered an attack by the Slammer worm in early 2003. 
    
    The agencies' rankings can be found on the Committee on Government 
    Reform's Web site [1]. 
    
    [1] http://reform.house.gov/TIPRC/Hearings/EventSingle.aspx?EventID=652
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    
    This archive was generated by hypermail 2b30 : Thu Dec 11 2003 - 03:47:27 PST