Industry gives government IT security a D

Federal Progress Report and 2007 Agenda for U.S. Government Action

The federal government earned an overall grade of D in information technology security from industry because of last year’s data leaks and the inability to pass legislation to protect private information.

In its annual Federal Progress Report and Agenda for U.S. Government Action, the Cyber Security Industry Alliance (CSIA) nearly failed the government in the categories of protecting sensitive information, securing critical infrastructure and federal information assurance. The government's scores dropped from an average of D+ in last year's report.

In the report, alliance praised the ratification of the Council of Europe on Cyber Crime, the Homeland Security Department's appointment of Greg Garcia to the post of assistant secretary of cybersecurity and telecommunications, and the implementation of Homeland Security Presidential Directive 12.

But the group pointed to the government's lack of legislative response to last year’s big data leaks and DHS' inability to establish a clear information security agenda as the main reasons why the government’s grade slipped.

“The longer the government fails to act in addressing that issue and related issues, the more they need to be held accountable, given the fact that the problem has gotten worse,” said Liz Gasster, acting executive director and general counsel at the CSIA. The information security group consists of 22 cybersecurity companies, including McAfee and Symantec.

To better address data leakages, Gasster said the government needs to establish overarching standards for protecting personal information and a reporting system to inform citizens when data loss occurs.

“There are standards that apply to health care and financial services, but there is no overarching protection for citizens,” she said.

Data protection bill proposals from the Senate Commerce and Energy committees were stalled in the last session of Congress because of jurisdictional issues. The only bill to successfully pass was the Veterans Identity and Credit Security Act of 2006, which only covered veterans.

Gasster said CSIA will continue to lobby Congress for new legislation. “We're very hopeful that we [will] see legislation this year,” she said.


  • Acquisition
    network monitoring (nmedia/

    How companies should prep for CMMC

    Defense contractors should be getting ready for the Defense Department's impending cybersecurity standard expected to be released this month.

  • Workforce
    Volcanic Tablelands Calif BLM Bishop Field Office employee. April 28, 2010

    BLM begins move out of Washington

    The decision to relocate staff could disrupt key relationships with Congress and OMB and set the stage for a dismantling of the agency, say former employees.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.