Industry gives government IT security a D

Federal Progress Report and 2007 Agenda for U.S. Government Action

The federal government earned an overall grade of D in information technology security from industry because of last year’s data leaks and the inability to pass legislation to protect private information.

In its annual Federal Progress Report and Agenda for U.S. Government Action, the Cyber Security Industry Alliance (CSIA) nearly failed the government in the categories of protecting sensitive information, securing critical infrastructure and federal information assurance. The government's scores dropped from an average of D+ in last year's report.

In the report, alliance praised the ratification of the Council of Europe on Cyber Crime, the Homeland Security Department's appointment of Greg Garcia to the post of assistant secretary of cybersecurity and telecommunications, and the implementation of Homeland Security Presidential Directive 12.

But the group pointed to the government's lack of legislative response to last year’s big data leaks and DHS' inability to establish a clear information security agenda as the main reasons why the government’s grade slipped.

“The longer the government fails to act in addressing that issue and related issues, the more they need to be held accountable, given the fact that the problem has gotten worse,” said Liz Gasster, acting executive director and general counsel at the CSIA. The information security group consists of 22 cybersecurity companies, including McAfee and Symantec.

To better address data leakages, Gasster said the government needs to establish overarching standards for protecting personal information and a reporting system to inform citizens when data loss occurs.

“There are standards that apply to health care and financial services, but there is no overarching protection for citizens,” she said.

Data protection bill proposals from the Senate Commerce and Energy committees were stalled in the last session of Congress because of jurisdictional issues. The only bill to successfully pass was the Veterans Identity and Credit Security Act of 2006, which only covered veterans.

Gasster said CSIA will continue to lobby Congress for new legislation. “We're very hopeful that we [will] see legislation this year,” she said.


  • People
    Federal 100 logo

    Announcing the 2021 Federal 100 Award winners

    Meet the women and men being honored for their exceptional contributions to federal IT.

  • Comment
    Diverse Workforce (Image: Shutterstock)

    Who cares if you wear a hoodie or a suit? It’s the mission that matters most

    Responding to Steve Kelman's recent blog post, Alan Thomas shares the inside story on 18F's evolution.

Stay Connected