US government rapped over computer security

A US congressional subcommittee has failed 16 federal agencies on their computer security efforts, while giving barely passing grades to a host of others.

"It is disappointing to announce that the federal government has received a failing grade on its security efforts," said Stephen Horn, chairman of the congressional Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations, in a scathing report released on 9 November.

The subcommittee began grading 24 major executive branch departments of the US government after the US Congress passed the Government Information Security Reform Act, which stipulates that federal agencies establish agency-wide computer security programmes that protect the systems that support their missions.

Critical agencies such as the Department of Defence, Department of Transportation, Department of Health and Human Services, and Department of Energy, as well as the Nuclear Regulatory Commission, all received a failing grade.

The dismal report card comes at a particularly sensitive time when the US is at war in Afghanistan and facing terrorist threats at home, making the protection of sensitive government information all the more crucial.

"All of us in Congress are well aware that the nation is in a state of war," said Horn. "It is not anyone's intention to place this great land at further risk of attack. It is, however, very important that the new administration take heed of the sobering assessment the subcommittee is providing and work expeditiously to address this most important need."

Other agencies that were handed a failing grade included the Department of Justice, the Department of Treasury, the Department of Interior and the Department of Education.

In the meantime, a handful of other agencies barely passed the test. These include the Federal Emergency Management Agency, the General Services Administration and the Department of State.

The National Aeronautics and Space Administration scored slightly below average, while the National Science Foundation merited the highest grade of the group.

The ratings were determined by security audits and evaluations performed by agency inspectors general since July 2000, with standards set by the Office of Management and Budget.

"Without proper protection, the vast amount of sensitive information stored on government computers could be compromised and the systems themselves subject to malicious attacks," Horn warned.

While the report comes as a stark warning to US government agencies to tighten their security, the subcommittee did recognise some recent advances within the US government.

However, the subcommittee warned: "Recent reports and events indicate that these efforts are not keeping pace with the growing threats, and that critical operations and assets continue to be highly vulnerable to computer-based attacks."
