Agencies still lax on systems security

Agencies still lax on systems security

By Tony Lee Orr

GCN Staff

APRIL 6'The government's failure to secure systems is leaving its computer infrastructure open to significant risk, witnesses told the House Energy and Commerce subcommittee on Oversight and Investigations yesterday.

Agencies that have felt 'the sting of public embarrassment' have shown some improvement, said committee chairman Rep. W.J. 'Billy' Tauzin (R-La.), but federal departments overall 'are just treading water.' Tauzin cited a February report from the Health and Human Services Department inspector general about numerous system control weaknesses that permitted unauthorized access to Health Care Financing Administration data about beneficiaries.

Federal investigators are now working on 102 cases of intrusion into government systems, said Ronald L. Dick, director of the FBI's National Infrastructure Protection Center. Many cases involve multiple incidents, he said, and some cases involve hundreds of compromised systems.

Sallie McDonald, assistant commissioner in the General Services Administration's Office of Information Assurance and Critical Infrastructure, testified that about 80 percent of hacking incidents go unreported because systems operators are unaware of them. Last year there were 586 reported hacking incidents involving numerous civilian systems and 148 Defense Department systems, she said.

Most agencies with poor systems security have failed to establish agencywide security management frameworks, said Robert F. Dacey, the General Accounting Office's director of information security. To establish such frameworks, he said, they need program managers who understand the most critical and sensitive aspects of their missions as well as technical experts who can suggest control techniques.

Dacey declined to give an overall grade on government computer security but noted there had been no improvement since Rep. Steve Horn (R-Calif.) handed out grades last September.


  • 2020 Government Innovation Awards
    Government Innovation Awards -

    21 Public Sector Innovation award winners

    These projects at the federal, state and local levels show just how transformative government IT can be.

  • Federal 100 Awards
    cheering federal workers

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

Stay Connected