U.S. agencies flunk computer securitygreenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread
U.S. agencies flunk computer security
Tuesday, September 12, 2000
By JESSE J. HOLLAND
WASHINGTON - A fourth of the federal governments major agencies, including the Department of Justice, flunked a computer security review.
The Fs given to seven of the 24 major agencies, based on agency-reported data and General Accounting Office and the Inspector General audits, led to a governmentwide grade of D-minus, said Rep. Stephen Horn, Republican of California, chairman of the House Government Reform Committees technology subcommittee.
All the departments that flunked keep important computer data, said Horn, who called the scores the first governmentwide assessment of computer security.
"The Department of Labor, charged with maintaining vital employment statistics, an F," said Horn, as his staffers passed out fake report cards to the media. "The Department of the Interior, which manages the nations public lands, an F.
"The Department of Health and Human Services that holds personal information on every citizen who receives Medicare, another F.
"Agriculture and Justice, the Small Business Administration and the Office of Personnel Management, the personnel office for the entire federal government, all Fs."
All 24 agencies have significant problems in allowing unauthorized access to sensitive information, said Joel Willemssen, director of the GAOs accounting and information management division. Auditors proved that point by trying to hack into government computers from remote locations.
"Our auditors have been successful, in almost every test, in readily gaining unauthorized access that would allow intruders to read, modify or delete data for whatever purpose they have in mind," the GAO report said.
The agencies arent good at overseeing access inside their own work forces, either, the report said.
The governments patchwork funding for computer security is partly to blame, said John Gilligan, the Energy Departments chief information officer and co-chair of the Chief Information Officer Council Committee on Security, Privacy and Critical Infrastructure Protection.
"It is an area where the executive and legislature are failing," he said.
)2000 THE PLAIN DEALER. Used with permission.
-- Carl Jenkins (Somewherepress@aol.com), September 12, 2000