Rep. mulls grading agencies on security

The head of a technology lobbying group last week suggested that Rep. Stephen Horn (R-Calif.) should apply the same grading system used to evaluate agencies on fixing computers for the Year 2000 problem to agencies' efforts to protect their computer systems from hackers.

Harris Miller, president of the Information Technology Association of America, told Horn that the grading system he developed for rating agencies' progress in fixing Year 2000 bugs "has been a tremendous tool for focusing attention on the [Year 2000] problem."

Harris, testifying at a joint House hearing of the subcommittee on Government Management, Information and Technology, and the Science Committee's Technology subcommittee, suggested that Horn could use several criteria for the grading process, including reports of intrusion and how much an agency spends on computer security. "The report card can help turn the attention toward the problem," Harris said. "Make no mistake about it: Information security is the next Year 2000 issue for the IT community and its users."

Horn, chairman of the Government Management Subcommittee, has not decided whether to grade agencies on how well their systems are secured. But computer security is clearly on the subcommittee's agenda.

"The rush to solve the Year 2000 problem may have created another more insidious and potentially troubling problem," Horn said in his opening remarks. "We will discuss the danger that government agencies, corporations and individuals are now more vulnerable to computer fraud, whether it is in the form of electronic robberies or information warfare."

Attention has been focused on computer security since the Gartner Group Inc. released a report in April concluding that more than $1 billion may be stolen by hackers through lapses in computer security directly resulting from Year 2000 remediation efforts. According to Gartner Group, in the case of the potential $1 billion electronic theft or fraud, the motive will likely be one of greed combined with a highly skilled software engineer who feels unappreciated or under-recognized.

"The concern involves something called 'trap doors' - computer coding that can give unscrupulous contractors access to the sensitive information in a computer long after their Year 2000 work is completed," Horn said. "From bank accounts and intellectual property to medical records and defense secrets, companies and government agencies have given contractors the keys that unlock an enormous storehouse of information."

Miller said government and industry must work to find common ground on information security to address the concerns of law enforcement while respecting constitutional rights to privacy.

"Threats come in many forms: mischief-minded hackers, disgruntled employees, cyberterrorists and rogue nations," Miller said. "This issue is bigger than Y2K and has the potential for greater long-term vulnerabilities if industry and government do not find ways to work together now."

Horn and Rep. Constance Morella (R-Md.), chairwoman of the technology subcommittee, held the joint hearing to focus on how the federal government and corporations protect their computer systems.

"The most effective theft and fraud deterrent is the perception that there are very high levels of security," said Joe Pucciarelli, vice president and research director at Gartner Group. "Procedure reviews must limit the ability of a single individual to make changes or initiate activities without a second person participating in the process."

For the federal government, witnesses suggested creating a computer security czar whose role would be to help agencies protect their systems. The security czar's responsibilities should be similar to those of John Koskinen, chairman of the President's Council on Year 2000 Conversion. "The [computer security] czar must have direct access to the executives," Miller said. "That person must have access to the cabinet, vice president and president, like Koskinen."

Pucciarelli suggested that agencies' inspectors general could help agencies protect systems by keeping top management updated on security issues. But the inspectors general should be accountable to someone such as a computer security czar, he said.

