Many Federal Agencies Flunk Security

A new scorecard gives government agencies a D when it comes to securing networks and IT systems.

InformationWeek Staff, Contributor

December 9, 2003


Federal agencies have made only small improvements in securing government networks and IT systems from hackers and terrorists. A House panel on Tuesday issued a scorecard, giving the federal government an overall grade of D. Last year, the panel issued an overall grade of F. "It's nothing to be proud," said Rep. Adam Putnam, the Florida Republican who chairs a House subcommittee that oversees government IT, at a briefing announcing the scorecard.

Putnam griped that 19 of 24 agencies reviewed failed to complete an inventory of their mission-critical systems. "An agency can't ensure its systems are secure if it can't account for all of its mission-critical systems," he said. "Everything starts with the inventory, and this aspect must improve--and improve quickly."

Last year, 13 agencies received F's; this year eight agencies received the failing grade, including the Department of Homeland Security, which was ranked for the first time because it's a new agency. Putnam says that score is understandable since, as a new agency, it's been concentrating on getting the department up and running. Among the other departments receiving F's: Agriculture, Health and Human Services, Housing and Urban Development, Interior, Justice, and State. Two agencies saw their grades fall: NASA to D- from D+ and Health and Human Services to F from D-.

There were a few bright spots. The agency with the biggest gain--the National Science Foundation--improved to an A- from a D- last year. The highest-ranked agency, the Nuclear Regulatory Commission, received an A, up from a C last year. Other agencies receiving top grades: the Social Security Administration, to B+ from B-; and the Labor Department, to B from C+.

Agencies with high scores fully inventoried their critical IT assets, identified critical infrastructure and mission-critical systems, established strong incident identification and reporting procedures, tightened controls over contractors, and developed strong plans of action and milestones that serve as guides for finding and eliminating security weaknesses.

House Government Reform Committee chairman Tom Davis, R.-Va., says many departments still don't take information security seriously. "Clearly," he said, "our goal of making computer security a constant management focus has not been met."

The report can be found at the Web site of the House Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census.
