[ISN] Davis: FISMA could prevent 'cyber Pearl Harbor'

From: InfoSec News (isn@private)
Date: Fri Apr 28 2006 - 03:38:11 PDT


http://www.fcw.com/article94211-04-27-06-Web

By Matthew Weigelt
Apr. 27, 2006 

Rep. Tom Davis (R-Va.) predicted a "cyber Pearl Harbor," an attack in
the future that would penetrate the federal government in some way. He
said such an attack could cause deaths or a financial breakdown.

That is why the Federal Information Security Management Act's
standards are necessary as preventive measures, despite needing tweaks
and improvements, he said at an Industry Advisory Council and American
Council for Technology luncheon in Washington, D.C.

"It's difficult, I think, for managers out there when you get so much
thrown at you," Davis said. "You've got a lot of boxes to check."

However, the standards will be enforced through the appropriations
process once lawmakers start to cooperate, he said. Davis said he is
open to feedback on FISMA requirements.

The House Government Reform Committee, which Davis heads, releases a
FISMA report card annually, grading each agency on its compliance with
FISMA standards. It released its 2005 report card March 16.

This year, the federal government as a whole received a D-plus for
computer security.

Karen Evans, administrator of e-government and information technology
at the Office of Management and Budget, said after the luncheon that
officials are discussing the controversy over whether the security
certification and accreditation standards meet the legislation's
intended goals or whether FISMA is seen simply as a requirement.

She said she believes that meeting standards is beneficial, "if you do
it in the spirit in which it was intended."

Evans directed questions about possible upcoming changes to FISMA to
Davis' committee.

According to the latest assessment of federal agencies' FISMA
compliance, weaknesses and inconsistencies in agencies' security
management practices left dangerous holes in critical infrastructures.

Notably, agencies whose missions include homeland security received
failing grades in 2005. Grades for the Defense, Homeland Security,
Justice and State departments remained below average or dropped. Of
those four departments, DHS remained level with its 2004 grade of an
F, according to the committee's rating. The other departments' grades
fell from the previous year. DOD went from a D to an F, Justice
dropped from a B-minus to a D and State fell from a D-plus to an F.

"FISMA is still viewed by some federal agencies as a paperwork
exercise," Davis said at a congressional hearing in March, when the
committee released the grades. "But these are shortsighted
observations."



