GAO information assurance chief offers security advice to agencies


The General Accounting Office's Keith A. Rhodes said, 'I told you so,' last week to the House Science Subcommittee on Technology.

'About this time last year I testified before this subcommittee on the Melissa virus, which temporarily disrupted the operations of some agencies,' said Rhodes, director of GAO's Office of Computer and Information Assurance.

'I stressed that the next virus would likely propagate faster, do more damage and be more difficult to detect and counter,' he said. 'This is just what we have experienced with ILOVEYOU.'

The House panel held a hearing last week on the ILOVEYOU virus, which affected thousands of government computers in its two-day tear around the world. Rhodes said the government has not done enough to protect its systems from such threats.

'Federal agencies must implement vigorous security programs to enable them to closely watch their information resources for signs of attack or intrusion, and to quickly react,' he said.

He offered a list of immediate actions that agencies should take:

• Increase awareness of security needs.

• Ensure existing controls are effective.

• Ensure software patches are up-to-date.

• Use automated scanning and testing tools to identify problems quickly.

• Expand use of best security practices.

• Address common vulnerabilities.

'While these actions can jump-start security efforts, they will not result in fully effective and lasting improvements unless they are supplemented by a strong management framework,' Rhodes said.

'Shruti Dat'
