Get out! "U.S. computer security gets poor grade."

  1. #1
    genXer (Senior Member)
    Join Date: Jun 2005
    Posts: 252

    Get out! "U.S. computer security gets poor grade."

    Dag-nab-it! or is "DOH!" more appropriate?

    Will anyone lose their job over this? Anyone here working for the US Gov hear of this? Ideas on how they're going to resolve this? Do I dare ask if it's a budget issue?

    If this was in the private sector, just a few people would be fired and/or given a lower broadband level (demoted - heh).

    U.S. computer security gets poor grade
    Published: 2006-03-17

    The federal agencies that make up the U.S. government have still not locked down their computers in accordance with a legislative mandate, according to a report published on Thursday.

    The report, part of an annual ritual required by the Federal Information Security Management Act (FISMA) of 2002, gives grades to the two dozen agencies that make up the U.S. government. In 2005, eight agencies--including the Department of Defense, Department of Homeland Security and Department of Energy--received failing marks.

    "This year, the federal government as a whole hardly improved, receiving a D+ yet again," Rep. Tom Davis, R-Virg., chairman of the House Committee on Government Reform, said in a statement. "Our analysis reveals that the scores for the Department of Defense, Homeland Security, Justice (and) State--the agencies on the front line in the war on terrorism--remained unacceptably low or dropped precipitously."

    The latest report card comes as various agencies continue to struggle with how to secure their systems in the digital age. The control systems used by the nation's utilities and communications networks are still not adequately secured, while government and corporate computer systems have begun to be increasingly targeted by stealthy attacks.

    The agency that should be leading the pack, the Department of Homeland Security, still remains far behind. The DHS got its third F in a row. Yet that belies the progress that has been made, Scott Charbo, the chief information officer for the DHS, said in a statement.

    Calling compliance with FISMA a "top priority," the CIO explained that the agency had surveyed the applications it uses, deployed tools to accredit systems and established metrics for security. In the past five months, it has accredited an additional 34 percent of its systems, bringing the total to 60 percent. Charbo expects the DHS to have all its systems accredited by the end of 2006.

    Michael Chertoff, the Secretary of Homeland Security, has yet to choose a person to fill the recently-created position of assistant secretary for cybersecurity at the agency.
    Source: http://www.securityfocus.com/brief/167

    Poster @ SecurityFocus: Robert Lemos
    "We're the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We've all been raised by television to believe that one day we'll all be millionaires and movie gods and rock stars -- but we won't. And we're learning slowly that fact. And we're very, very pissed off." - Tyler (Brad Pitt) Fight Club.

  2. #2
    Banned
    Join Date: Apr 2003
    Posts: 1,146
    I'm thinking it is more of a regulations issue. There is more involved in the requirements for checking boxes on forms than actually making systems secure.

    SANS has been commenting on this in their newsletters. Check them out at http://www.sans.org/newsletters/


  3. #3
    Spekter1080 (Senior Member)
    Join Date: Oct 2005
    Location: Iowa
    Posts: 101
    why!!! *drops to knees* por que!!!

    this really doesn't surprise me, however.....it is the government after all...they are good at getting nothing done
    there's always a way in...

  4. #4
    Senior Member
    Join Date: Jan 2003
    Posts: 3,914
    Hey Hey,

    I'd just like to point out this article http://www.investors.com/editorial/I...issue=20060316.

    The United States Agency for International Development, USAID, scored best with 100%.
    With data, USAID had a way to measure security performance. Managers could make better-informed decisions about security.

    USAID started doing vulnerability scans of the 16,000 devices on its networks 10 times a month. It uses software from NCircle Network Security and others to tell where patches are needed, misconfigurations exist and passwords lack strength. The point of the scans is this, says Tim Keanini, NCircle's chief technology officer: "I need to know, prior to my adversary knowing, where the weaknesses are."

    USAID spent a little more than $200,000 on related technology. Three products it uses are NCircle's IP360 vulnerability and risk management software, Skybox Security's Skybox View suite and NetForensics' NFX Open Security Platform. "We run through some threat scenarios nightly," Heneghan said.
    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  5. #5
    genXer (Senior Member)
    Join Date: Jun 2005
    Posts: 252
    I'd just like to point out this article[...]
    Cool - thanks HT - always good and responsible to ensure we have as much information as possible. It does seem like the govt faces many challenges, both technically and politically in trying to get their security up to par - along with keeping business running. I just wonder if the right priority and support is given to the IT and/or security groups trying to implement better security.
    "We're the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We've all been raised by television to believe that one day we'll all be millionaires and movie gods and rock stars -- but we won't. And we're learning slowly that fact. And we're very, very pissed off." - Tyler (Brad Pitt) Fight Club.
