To home page Classifieds Search the site Have your say in forums Chat Weather information
Marketplace  |   Services  |   Contact Us  |   Community  |   Arts & Entertainment  |   Local Guides
graphic header for Caller.com

National/World News
Archives | Arts & Entertainment | Audio/Video | Business | Classifieds | Columns | Food | Forums | Health & Fitness | News | Obits | Opinions | People | Politics | Science/Technology | Search | Sports | Subscribe | Travel | Weather

Published by the Corpus Christi Caller-Times. CLICK FOR NEWSPAPER DELIVERY

Saturday, November 10, 2001

Federal government fails computer security review

Two-thirds of agencies, including Defense, Justice, got failing grades on 'computer security report card'

By Ted Bridis
Associated Press

   WASHINGTON - Despite dramatically tighter security at U.S. buildings since the terrorist attacks, a House panel is giving the government failing marks for lax protection of federal computer networks against hackers, terrorists and others.
   The "F" grade dropped from the "D-" that the government earned in September 2000. Fully two-thirds of federal agencies - including the departments of Defense, Commerce, Energy, Justice and Treasury - flunked the latest "computer security report card."
   "The nation cannot afford to ignore the risks associated with cyber-attacks," said Rep. Stephen Horn, R-Calif., chairman of the House Government Reform subcommittee on government efficiency.
   "Federal agencies rely on computer systems to support critical operations that are essential to the health and well-being of millions of Americans."
   The National Science Foundation, with "B+" marks, ranked best of the 24 largest agencies and departments; the Social Security Administration was given a "C+" and NASA was given a "C-" grade.
   'An important step'
   The grades were based on information the departments gave to the Office of Management and Budget. Under a new federal law, agencies must report regularly to OMB on their efforts to keep computers safe.
   Congressional investigators from the General Accounting Office considered whether agencies had developed security policies or plans, such as limiting the ability of users to install rogue software.
   Robert Dacey, the GAO's director for information security, told the panel that worse grades this year don't necessarily mean that security worsened. He said weaknesses are becoming more identifiable and understood, "an important step toward addressing the problem." But investigators still found "serious, pervasive weaknesses," he said.
   Easily accessed
   The GAO routinely hacks into federal computers to test security and rarely fails. At the Commerce Department, for example, the GAO in August found some computers didn't require any passwords; some used "password" as the password; and entire lists of passwords were stored in plain view on the computers themselves. When one Commerce employee detected investigators trying to hack the agency's computers during their testing, he launched an illegal, electronic counterattack against the GAO.
   Dacey praised the Bush administration's recent appointment of a special adviser for cyberspace security but said U.S. efforts "are not keeping pace with the growing threats."
   The Environmental Protection Agency and State Department were given "D+" grades in the latest listing. The General Services Administration, Federal Emergency Management Agency and Housing and Urban Development Department earned "D" marks.
   Horn said those agencies "managed to keep their heads above water, but just barely."
   Other agencies that earned an "F" were the: Agriculture Department, Agency for International Development, Education, Health and Human Services, Interior and Labor departments, Office of Personnel Management, Small Business Administration, and the Transportation and Veterans Affairs departments.
  
  


| Talk about this story | Next Story | Home |
Scripps logo
  © 2001, a Scripps Howard newspaper. All rights reserved.
spacer spacer

Search our site: