White House doesn't shine in cybersecurity grading

National Security Cyberspace Institute releases cybersecurity report card

The Obama administration has received less-than-stellar marks in a recent report card on its cybersecurity policies, earning grades in the B to D range.  

The National Security Cyberspace Institute examined the administration’s record of cybersecurity accomplishments in a white paper published Jan. 18.

NSCI awarded grades for progress against 10 near-term recommendations included in the White House’s 60-day Cyberspace Policy Review released in 2009.

Related story:

DISA creates 'demilitarized zone' for unclassified network

“We awarded grades solely on our view of actual progress – not on good intentions, flowery rhetoric, the number of meetings held, commissions commissioned, or number of times administration officials have mentioned the word ‘cyber,’ ” NSCI wrote.

None of the White House’s near-term action items received an A, for full implementation, or an F, for no progress shown.

NSCI gave the administration a B for designating cybersecurity as one of the president’s key management priorities and establishing performance metrics, noting its recently announced update to the Federal Information Security Management Act. The update shifts the focus from paper-based compliance reports to real-time monitoring of federal networks, according to the institute.

“The change in approach provides for faster identification and response to vulnerabilities,” the white paper states. “The administration believes the new approach builds on best practices from both government and industry, thus making our cybersecurity efforts more effective.”

NSCI also gave the administration a B for a lack of substantial progress in conducting interagency legal analyses of priority cybersecurity-related issues and formulating coherent policy guidance that clarifies the roles, responsibilities and application of agency authorities for cybersecurity-related activities across the federal government.

The administration received a D for the months of delay in appointing Howard Schmidt to the cybersecurity coordinator position, as well as another D for failing to release an updated national strategy to secure the information and communications infrastructure.

NSCI further chose to give the administration a B for continuing the dialogue on international cybersecurity agreements. But the White House earned a C for moving too slowly in preparing a cybersecurity incident response plan and enhancing public-private partnerships.

“In September 2010, the Department of Homeland Security released an interim version of a National Cyber Incident Response Plan, a mere 16 months after President Obama’s declaration of cybersecurity as a top administration priority,” NSCI wrote. “That’s hardly a fast-track agenda.”

The White House also scored a C for not living up to its responsibility to coordinate a national cybersecurity research and development agenda, according to the white paper.


About the Author

Alyah Khan is a staff writer covering IT policy.


  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.