Agencies still lax on systems security

Agencies still lax on systems security

By Tony Lee Orr

GCN Staff

APRIL 6'The government's failure to secure systems is leaving its computer infrastructure open to significant risk, witnesses told the House Energy and Commerce subcommittee on Oversight and Investigations yesterday.

Agencies that have felt 'the sting of public embarrassment' have shown some improvement, said committee chairman Rep. W.J. 'Billy' Tauzin (R-La.), but federal departments overall 'are just treading water.' Tauzin cited a February report from the Health and Human Services Department inspector general about numerous system control weaknesses that permitted unauthorized access to Health Care Financing Administration data about beneficiaries.

Federal investigators are now working on 102 cases of intrusion into government systems, said Ronald L. Dick, director of the FBI's National Infrastructure Protection Center. Many cases involve multiple incidents, he said, and some cases involve hundreds of compromised systems.

Sallie McDonald, assistant commissioner in the General Services Administration's Office of Information Assurance and Critical Infrastructure, testified that about 80 percent of hacking incidents go unreported because systems operators are unaware of them. Last year there were 586 reported hacking incidents involving numerous civilian systems and 148 Defense Department systems, she said.

Most agencies with poor systems security have failed to establish agencywide security management frameworks, said Robert F. Dacey, the General Accounting Office's director of information security. To establish such frameworks, he said, they need program managers who understand the most critical and sensitive aspects of their missions as well as technical experts who can suggest control techniques.

Dacey declined to give an overall grade on government computer security but noted there had been no improvement since Rep. Steve Horn (R-Calif.) handed out grades last September.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected