Evans on security: At least it's improving

2003 security report card


Government officials and security experts see the improvement in the cybersecurity grades awarded by Congress this week as a positive sign, even if that improvement was minimal.

The governmentwide grade of D, given by Rep. Adam Putnam (R-Fla.), chairman of the House Government Reform Committee's Technology, Information Policy, Intergovernmental Relations and the Census Subcommittee, is still not good. But Karen Evans, the Office of Management and Budget's administrator for e-government and information technology, is optimistic. "I am a positive person," Evans said. "I was excited we moved to a D because we had been an F overall for three years. Any movement forward is a good thing."

In one way, it was good to see that the grade didn't jump too much, observers said. That diminished any possibility for speculation that the grades were fixed or that agency officials were padding their reports, said Alan Paller, director of research at the SANS Institute, a security education and research organization.

At the same time, "it allowed the organizations to show some progress, and that's so important," Paller said. "At some point, if you want to make change, you need to use positive reinforcement."

The agencies that showed the most improvement also showed that officials can learn from one another, he said. For example, the Nuclear Regulatory Commission jumped 20 points from a C to an A. The Transportation Department only raised its grade from an F to a D+, but it jumped more than 40 points at least in part because officials implemented an idea from the commission, Paller said.

At the release of the grades Dec. 9, Putnam said that during the next year, he would emphasize spreading tactics and processes from high-performing agencies to those at the bottom of the spectrum.

Evans said she was pleased Putnam used the same scoring methods as before, thus allowing for a fair comparison. The grading effort also seemed to be a collaborative effort among Congress, OMB and the agencies. However, there is a lot of work to be done, she said.

"Cybersecurity is a challenge, and a lot of it is that [agency officials] are really thinking about their overall cybersecurity IT strategy," Evans said. "As they are defining what systems were and moving more toward portfolio management, there are issues associated with that."

OMB officials are helping agencies move forward through the quarterly assessments in the President's Management Agenda. That score card also evaluates security and helps agencies stay focused on continued improvement, which is exactly what Evans said she expects to see.

"We would like to see higher grades, but it does show a momentum moving forward," she said. "It does show the [inspectors general] have recognition that the agencies that have put a lot of effort in are moving forward."
