The federal agencies that make up the U.S. government have still not locked down their computers in accordance with a legislative mandate, according to a report published on Thursday.
The report, part of an annual ritual required by the Federal Information Security Management Act (FISMA) of 2002, gives grades to the two dozen agencies that make up the U.S. government. In 2005, eight agencies--including the Department of Defense, Department of Homeland Security and Department of Energy--received failing marks.
"This year, the federal government as a whole hardly improved, receiving a D+ yet again," Rep. Tom Davis, R-Virg., chairman of the House Committee on Government Reform, said in a statement. "Our analysis reveals that the scores for the Department of Defense, Homeland Security, Justice (and) State--the agencies on the front line in the war on terrorism--remained unacceptably low or dropped precipitously."
The latest report card comes as various agencies continue to struggle with how to secure their systems in the digital age. The control systems used by the nation's utilities and communications networks are still not adequately secured, while government and corporate computer systems have begun to be increasingly targeted by stealthy attacks.
The agency that should be leading the pack, the Department of Homeland Security, still remains far behind. The DHS got its third F in a row. Yet that belies the progress that has been made, Scott Charbo, the chief information officer for the DHS, said in a statement.
Calling compliance with FISMA a "top priority," the CIO explained that the agency had surveyed the applications it uses, deployed tools to accredit systems and established metrics for security. In the past five months, it has accredited an additional 34 percent of its systems, bringing the total to 60 percent. Charbo expects the DHS to have all its systems accredited by the end of 2006.
Michael Chertoff, the Secretary of Homeland Security, has yet to choose a person to fill the recently-created position of assistant secretary for cybersecurity at the agency.
Posted by: Robert Lemos