Evans on security: At least it's improving

2003 security report card

Government officials and security experts see the improvement in the cybersecurity grades awarded by Congress this week as a positive sign, even if that improvement was minimal.

The governmentwide grade of D, given by Rep. Adam Putnam (R-Fla.), chairman of the House Government Reform Committee's Technology, Information Policy, Intergovernmental Relations and the Census Subcommittee, is still not good. But Karen Evans, the Office of Management and Budget's administrator for e-government and information technology, is optimistic. "I am a positive person," Evans said. "I was excited we moved to a D because we had been an F overall for three years. Any movement forward is a good thing."

In one way, it was good to see that the grade didn't jump too much, observers said. That diminished any possibility for speculation that the grades were fixed or that agency officials were padding their reports, said Alan Paller, director of research at the SANS Institute, a security education and research organization.

At the same time, "it allowed the organizations to show some progress, and that's so important," Paller said. "At some point, if you want to make change, you need to use positive reinforcement."

The agencies that showed the most improvement also showed that officials can learn from one another, he said. For example, the Nuclear Regulatory Commission jumped 20 points from a C to an A. The Transportation Department only raised its grade from an F to a D+, but it jumped more than 40 points at least in part because officials implemented an idea from the commission, Paller said.

At the release of the grades Dec. 9, Putnam said that during the next year, he would emphasize spreading tactics and processes from high-performing agencies to those at the bottom of the spectrum.

Evans said she was pleased Putnam used the same scoring methods as before, thus allowing for a fair comparison. The grading effort also seemed to be a collaborative effort among Congress, OMB and the agencies. However, there is a lot of work to be done, she said.

"Cybersecurity is a challenge, and a lot of it is that [agency officials] are really thinking about their overall cybersecurity IT strategy," Evans said. "As they are defining what systems were and moving more toward portfolio management, there are issues associated with that."

OMB officials are helping agencies move forward through the quarterly assessments in the President's Management Agenda. That score card also evaluates security and helps agencies stay focused on continued improvement, which is exactly what Evans said she expects to see.

"We would like to see higher grades, but it does show a momentum moving forward," she said. "It does show the [inspectors general] have recognition that the agencies that have put a lot of effort in are moving forward."
