- The Washington Times - Wednesday, November 20, 2002

Some of the U.S. government's most important computer systems continue to suffer significant security lapses despite a renewed focus on protecting them against terrorist attacks, congressional investigators say.
That assessment from the House Government Reform subcommittee on government efficiency, financial management and intergovernmental relations was based largely on a new report from congressional investigators that found pervasive weaknesses in federal technology systems at the 24 largest departments and agencies.
Overall, the government flunked.
Four departments, including the Federal Emergency Management Agency, also failed individually. The best marks a B-minus were handed to the Social Security Administration and the tiny Agency for International Development.
Rep. Steve Horn, California Republican, the subcommittee's chairman, described efforts at the Social Security Administration as a "shining example of sound leadership and focused attention" on computer security.
Among the worst problems governmentwide were weak protections at nearly all agencies against insiders attempting sabotage or trying to profit personally by destroying or stealing sensitive information.
The failures put at risk federal payments, taxpayer data and medical records. "Critical federal operations and assets remain at risk," said a new report from the General Accounting Office.
The Transportation Department's inspector general, Kenneth Mead, cited some improvements from last year, but he admitted the agency "still has a long way to go to adequately secure its computer systems."
Mr. Mead said hackers could sneak into the agency's computer systems through unsecured connections or telephone lines, and Transportation officials failed last year to report to U.S. investigators three successful hacker break-ins to their Web sites.
Investigators said serious problems persist with government plans to continue operating during attacks or interruptions, which they said are particularly important in the aftermath of the September 11 terror attacks.
There was some good news: Security was slightly better overall than in past years, and investigators said many of the latest problems were discovered during broad audits aimed specifically at finding such lapses. As these audits become more intense, more faults probably will be discovered, the GAO predicted.
One expert said part of the blame falls on software designers who rush to sell products without ensuring the programs are resistant to hackers.
"We continue to see the same types of vulnerabilities in newer versions of products that we saw in earlier versions," said Richard Pethia of the federally funded CERT Coordination Center. "Until customers demand products that are more secure or there are changes in the way legal and liability issues are handled, the situation is unlikely to change."

Sign up for Daily Newsletters

Copyright © 2019 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times welcomes your comments on Spot.im, our third-party provider. Please read our Comment Policy before commenting.


Click to Read More and View Comments

Click to Hide