Homeland Insecurity: Feds Flunk Security Test



David Utter
Staff Writer
2006-03-17


Not only did several federal agencies fail to pass muster in the annual review made by Congress, Homeland Security received a big fat red F for their efforts.

Not good. I'm tempted to borrow John Stith's "Idiot Watch" tagline for this story, but I'll abstain for now.

Washington Post cyber-security writer Brian Krebs revealed the list produced by the House Government Reform Committee. This is the third year the Committee has graded federal agencies on their computer security practices.

Overall, the government gets the kind of score we expect to see Bart Simpson bringing home to Homer and Marge: a combined D-plus for all of those agencies. The full list of grades shows Homeland Security is not alone in the corner with a dunce cap on its head.

Other departments pulling Fs for their F-forts were Agriculture, Defense (oh dear), Energy, Health & Human Services, Interior, State, and Veterans Affairs.

There were a few good performers snaring scores of A- to A+ in the Committee's list. Unfortunately, the Nuclear Regulatory Commission was not one of them, with a D-. Someone getting access to that department's classified data could create the kind of scenario one might expect to see Jack Bauer face in "24".

Why can't agencies do better with the computer security grades they receive from Congress? Would you believe it's the fault of Congress?

SANS Institute research director Alan Paller said in the Post that the problem stems from all the red tape created with FISMA:

Paller argues that the yearly FISMA grades force agencies to apply scarce funding and employee time toward the wrong priorities.

"It turns out that the vast bulk of the federal information security money is spent on documenting these systems, not on securing or testing them against attacks," Paller said. "Most [agencies] are spending so much on the paperwork exercises that they don't have a lot of money left over to fix the problems they've identified."

That is something to keep in mind when tax time rolls around in a month. Those tax dollars that might be better spent on penetration and vulnerability testing and fixes instead go toward filling out government forms. Maybe "Idiot Watch" is an appropriate reference to make here.

About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
