Saturday, November 10, 2001

Despite dramatically tighter security at U.S. buildings since the terrorist attacks, a House panel is giving the government failing marks for lax protection of federal computer networks against hackers, terrorists and others.
The “F” grade dropped from the “D-” that the government earned in September 2000. Fully two-thirds of federal agencies including the departments of Defense, Commerce, Energy, Justice and Treasury flunked the latest governmentwide “computer-security report card.”
“The nation cannot afford to ignore the risks associated with cyber-attacks,” said Rep. Steve Horn, California Republican, chairman of the House Government Reform subcommittee on government efficiency. “Federal agencies rely on computer systems to support critical operations that are essential to the health and well-being of millions of Americans.”
The National Science Foundation, with “B+” marks, ranked best of the 24 largest agencies and departments; the Social Security Administration was given a “C+” and NASA was given a “C-” grade.
The grades were based on information the departments gave to the Office of Management and Budget. Under a new federal law, agencies must report regularly to OMB on their efforts to keep computers safe.
Congressional investigators from the General Accounting Office considered whether agencies had developed security policies or plans, such as limiting the ability of users to install rogue software.
Robert Dacy, the GAO’s director for information security, told the panel that worse grades this year don’t necessarily mean that security worsened. He said weaknesses are becoming more identifiable and understood, “an important step toward addressing the problem.” But investigators still found “serious, pervasive weaknesses,” he said.
The GAO routinely hacks into federal computers to test security and rarely fails. At the Commerce Department, for example, the GAO in August found some computers didn’t require any passwords; some used “password” as the password; and entire lists of passwords were stored in plain view on the computers. When one Commerce employee detected investigators trying to hack the agency’s computers during their testing, he started an illegal, electronic counterattack.
Mr. Dacy praised as laudable the Bush administration’s recent appointment of a special adviser for cyberspace security, but said U.S. efforts “are not keeping pace with the growing threats.”

Copyright © 2021 The Washington Times, LLC. Click here for reprint permission.

Please read our comment policy before commenting.

Click to Read More and View Comments

Click to Hide