US agencies still score poorly on security

Most US federal agencies have received low grades for failing to protect their computer networks from hackers and other...

Most US federal agencies have received low grades for failing to protect their computer networks from hackers and other cyberterrorists for the fourth year in a row.

The report card, issued by the US House Government Reform Subcommittee on Technology, graded agencies on their progress in complying with the Federal Information Security Act of 2002, which requires federal agencies to submit data on their computer security programs to the Office of Management and Budget every September.

The Department of Homeland Security was one of eight agencies that received a grade F for its network security efforts. In 2002, 13 agencies received a failing grade.

DHS officials could not be reached for comment.

The Department of Justice, as well as the departments of Energy, Health and Human Services, Interior, Agriculture, Housing and Urban Development, and State also received failing grades.

On the other end of the scale, two agencies received an A or A- score: the Nuclear Regulatory Commission and the National Science Foundation. The Social Security Administration received a B+, and the Department of Labor got a B.

"Obviously, the fact that the federal government has moved from an overall score of F to D and 14 agencies showed improvement in their scores is a positive sign," said Bob Dix, the subcommittee's staff director.

However, he added, the fact that there are still eight agencies with failing grades indicated the issue has not been given the priority it deserves.

"While some of the agencies provided evidence of strong support by virtue of the strong scores they got, others continue to have failing grades, which is evidence that they haven't given the proper attention to this issue," Dix said. "We are just not doing enough to achieve the results that we must achieve."

Linda Rosencrance writes for Computerworld

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.