GAO information assurance chief offers security advice to agencies

GAO information assurance chief offers security advice to agencies

The General Accounting Office's Keith A. Rhodes said, 'I told you so,' last week to the House Science Subcommittee on Technology.

'About this time last year I testified before this subcommittee on the Melissa virus, which temporarily disrupted the operations of some agencies,' said Rhodes, director of GAO's Office of Computer and Information Assurance.

'I stressed that the next virus would likely propagate faster, do more damage and be more difficult to detect and counter,' he said. 'This is just what we have experienced with ILOVEYOU.'

The House panel held a hearing last week on the ILOVEYOU virus, which affected thousands of government computers in its two-day tear around the world. Rhodes said the government has not done enough to protect its systems from such threats.

'Federal agencies must implement vigorous security programs to enable them to closely watch their information resources for signs of attack or intrusion, and to quickly react,' he said.

He offered a list of immediate actions that agencies should take:

•Increase awareness of security needs.

•Ensure existing controls are effective.

•Ensure software patches are up-to-date.

•Use automated scanning and testing tools to identify problems quickly.

•Expand use of best security practices.

•Address common vulnerabilities.

'While these actions can jump-start security efforts, they will not result in fully effective and lasting improvements unless they are supplemented by a strong management framework,' Rhodes said.

'Shruti Dat'

Featured

  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected