Feds get poor grades for computer security

Feds get poor grades for computer security

By Tony Lee Orr

GCN Staff

SEPT. 11—Most federal agencies received barely passing grades today from a House subcommittee for securing the government's 26,000-plus computer systems and the vast amounts of personal data they contain.

While some federal officials decried the use of a grading system that could signal to the public that some personal information is poorly protected, all agreed improvement is needed.

The Social Security Administration scored the highest with a B. The National Science Foundation followed with a B-minus. Only five agencies made average grades, and six agencies barely passed with Ds or D-minuses. Seven departments or agencies flunked outright, and the grading of four others, including the Energy Department and the Nuclear Regulatory Commission, was incomplete. Energy has had a number of computer security problems, while NRC typically has done well on security reviews.

As a whole, the federal government received a D-minus.

Most agencies suffered from a well-worn list of problems: inadequate password management and protection, unauthorized access to system files, shoddy background check procedures and poorly managed intrusion detection systems, testified Joel C. Willemssen, director of GAO's Accounting and Information Management Division.

SSA scored well because the agency embraced the computer security issue earlier than most agencies, John R. Dyer, SSA's chief information officer, said during a hearing before the House Government Reform Subcommittee on Government Management, Information and Technology. The administration reacted to the issue much as it did to year 2000 coding issues, he said.

Now, each modification to SSA systems or applications is reviewed with security in mind, Dyer said.

The grades were based on questionnaires completed by federal officials, as well as GAO information and audit reports prepared by agencies' inspectors general.

The Education and State departments each received a C. Housing and Urban Development, Commerce and the Agency for International Development all scored C-minus.

The Defense Department made a D-plus. Ds were given to Veterans Affairs and Treasury. The Environmental Protection Agency, General Services Administration and NASA each received a D-minus.

Flunking were the Office of Personnel Management, Health and Human Services, Agriculture, Small Business Administration, Justice, Labor and Interior.




inside gcn

  • cyber hygiene (Lucky Business/Shutterstock.com)

    Cleaning up cyber hygiene

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group