Federal security misses the mark

Report card on computer security

Rep. Stephen Horn (R-Calif.) gave the government a D-minus in his first

set of grades issued on the state of agencies' computer security practices.

In issuing the grades Monday, Horn also promised to help agencies get more

money to help improve the security grades, which follow in the steps of

his Year 2000 preparedness report cards.

The grades are based on a self-assessment by each agency or department,

using a six-page questionnaire provided by Horn's staff on the House Reform

Committee's Government Management, Information and Technology Subcommittee.

Those answers were combined with the results of inspector general and General

Accounting Office audits and independent evaluations performed by private-sector

consultants during the past year.

While some agencies under larger departments submitted their own questionnaires,

the committee staff and GAO rolled most into a single, departmentwide grade

from A to F that provides a "snapshot" of each agency's security posture.

"This report card sets a baseline for future oversight and also serves as

a wake-up call for agencies," Horn said.

Agency officials are just as frustrated as everyone else when it comes to

the slow pace of security improvement, but they are dealing with more complex

issues, as every employee has become a factor in each agency's security,

said John Gilligan, chief information officer at the Energy Department and

co-chairman of the CIO Council's security committee.

"Federal CIOs are not asleep at the wheel," he said.

Horn said he will work with the CIO Council, the Office of Management and

Budget as well as agencies to talk with congressional authorization and

appropriations committees about funding agency security programs and cross-government

initiatives. With a budget surplus projected for the next fiscal year, now

is the time for agencies to lobby to reprogram some of that money for their

security initiatives, Horn said.

"If they're serious, this is the time to get a few million here and there,"

he said.

Featured

  • Defense
    The Pentagon (Photo by Ivan Cholakov / Shutterstock)

    DOD CIO hits pause on JEDI cloud acquisition

    Dana Deasy set cloud as his office's top priority. But when it comes to the JEDI request for proposal, he's directed staff to "pause" to compile a comprehensive review.

  • Cybersecurity
    By Gorodenkoff shutterstock ID 761940757

    Waging cyber war without a rulebook

    As the U.S. looks to go on the offense in the cyber domain, critical questions remain unanswered around who will take the lead and how clearly to draw the rules of engagement.

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Deadline extended for Rising Star nominations

    You now have until July 18 to help us identify the early-career innovators and change agents in government IT.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.