Agencies still lax on systems security

By Tony Lee Orr

GCN Staff

APRIL 6 - The government's failure to secure systems is leaving its computer infrastructure open to significant risk, witnesses told the House Energy and Commerce subcommittee on Oversight and Investigations yesterday.

Agencies that have felt 'the sting of public embarrassment' have shown some improvement, said committee chairman Rep. W.J. 'Billy' Tauzin (R-La.), but federal departments overall 'are just treading water.' Tauzin cited a February report from the Health and Human Services Department inspector general about numerous system control weaknesses that permitted unauthorized access to Health Care Financing Administration data about beneficiaries.

Federal investigators are now working on 102 cases of intrusion into government systems, said Ronald L. Dick, director of the FBI's National Infrastructure Protection Center. Many cases involve multiple incidents, he said, and some cases involve hundreds of compromised systems.

Sallie McDonald, assistant commissioner in the General Services Administration's Office of Information Assurance and Critical Infrastructure, testified that about 80 percent of hacking incidents go unreported because systems operators are unaware of them. Last year there were 586 reported hacking incidents involving numerous civilian systems and 148 Defense Department systems, she said.

Most agencies with poor systems security have failed to establish agencywide security management frameworks, said Robert F. Dacey, the General Accounting Office's director of information security. To establish such frameworks, he said, they need program managers who understand the most critical and sensitive aspects of their missions as well as technical experts who can suggest control techniques.

Dacey declined to give an overall grade on government computer security but noted there had been no improvement since Rep. Steve Horn (R-Calif.) handed out grades last September.
