Industry gives government IT security a D
- By Wade-Hahn Chan
- Feb 01, 2007
Federal Progress Report and 2007 Agenda for U.S. Government Action
The federal government earned an overall grade of D in information technology security from industry because of last year’s data leaks and the inability to pass legislation to protect private information.
In its annual Federal Progress Report and Agenda for U.S. Government Action, the Cyber Security Industry Alliance (CSIA) nearly failed the government in the categories of protecting sensitive information, securing critical infrastructure and federal information assurance. The government's scores dropped from an average of D+ in last year's report.
In the report, alliance praised the ratification of the Council of Europe on Cyber Crime, the Homeland Security Department's appointment of Greg Garcia to the post of assistant secretary of cybersecurity and telecommunications, and the implementation of Homeland Security Presidential Directive 12.
But the group pointed to the government's lack of legislative response to last year’s big data leaks and DHS' inability to establish a clear information security agenda as the main reasons why the government’s grade slipped.
“The longer the government fails to act in addressing that issue and related issues, the more they need to be held accountable, given the fact that the problem has gotten worse,” said Liz Gasster, acting executive director and general counsel at the CSIA. The information security group consists of 22 cybersecurity companies, including McAfee and Symantec.
To better address data leakages, Gasster said the government needs to establish overarching standards for protecting personal information and a reporting system to inform citizens when data loss occurs.
“There are standards that apply to health care and financial services, but there is no overarching protection for citizens,” she said.
Data protection bill proposals from the Senate Commerce and Energy committees were stalled in the last session of Congress because of jurisdictional issues. The only bill to successfully pass was the Veterans Identity and Credit Security Act of 2006, which only covered veterans.
Gasster said CSIA will continue to lobby Congress for new legislation. “We're very hopeful that we [will] see legislation this year,” she said.