Security flunks Horn's final exam
- By William Matthews
- Nov 19, 2002
The professor has given his final exam on computer security, and the
results are miserable.
Overall, federal agencies earned an "F" on Rep. Stephen Horn's latest
report card on government security the same grade they earned in 2001.
When he issued his first computer security report card in 2000, Horn (R-Calif.)
awarded agencies an overall grade of D-.
Of the 24 federal agencies Horn graded, 14 flunked. The highest grade
was a B-minus.
Agencies are increasingly reliant on computers and must do a better
job of protecting their systems against hackers, viruses and other threats,
With lax computer security, agencies are vulnerable to "ever increasing
risks of fraud, inappropriate disclosure of sensitive data, and disruptions
in critical operations and services," Horn warned Nov. 19 at the start of
a hearing during which he issued the report card.
In recent years, Horn has resorted to issuing report cards to call attention
to poor performance by government agencies on technology and other matters.
A former professor and president of California State University at Long
Beach, Horn's grading system helped focus attention on certain agencies'
lack of preparedness for the Year 2000 date change problem that threatened
On the Year 2000 report cards, grades ranged from A-plus to F.
Later Horn focused on financial management, where grades were poorer.
In 2001, for examples, agencies averaged only a C-minus. Then on computer
security, performance plummeted.
Horn, who is chairman of the House Government Reform Committee's Government
Efficiency, Financial Management and Intergovernmental Relations Subcommittee,
is retiring from Congress at the end of this session. His southern California
district was eliminated during redistricting earlier this year.
During the final hearing of his subcommittee Nov. 19, Horn offered a
shred of faint praise for the computer security efforts of the agencies
"Eleven of the 24 agencies have shown some improvement," he said. But
"overall, progress is slow." Some agencies seem to be "getting a handle
on the scope of their computer security problems, but in the meantime, the
federal government's systems and assets remain vulnerable," Horn said.
But even as agencies begin to understand the scope of their problems,
the problems are getting worse, he said. "Reports of attacks and disruptions
are growing, and they are becoming more complex and harder to trace. The
number of reported computer security incidents has risen 71 percent over
the last year."
Horn's computer security grades were as follows:
|Social Security Administration||B-
Labor Department ||C+
|Nuclear Regulatory Commission ||C
|Commerce Department ||D+
|Education Department ||D
|General Services Administration ||D
|National Science Foundation ||D-
|Environmental Protection Agency ||D-
|Department of Health and Human Services ||D-
|Justice Department ||F
|State Department ||F
|Agency for International Development ||F
|Office of Personnel Management ||F
|Department of Veterans Affairs ||F
|Housing and Urban Development ||F
|Small Business Administration ||F
|Treasury Department ||F
|Energy Department ||F
|Defense Department ||F
|Interior Department ||F
|Agriculture Department ||F
|Federal Emergency Management Agency ||F
|Transportation Department ||F