
Obvious Solution: A Grading Curve!

A House subcommittee hearing Thursday on cybersecurity generated a number of disturbing questions regarding federal agencies' ability to protect sensitive data. Here's a good story, from which I have compiled the following Bullet Points o' Trouble:
  • 21 of 24 major federal agencies had weak or deficient information security controls in place during the past fiscal year.
  • That's 87.5 percent of major federal agencies. Just putting a "no-spin" number on it.
  • "We don't know who's inside our networks," subcommittee chairman Rep. James Langevin (D-R.I.) said. "We don't know what information has been stolen."
  • Political rhetoric, perhaps, but accurate nonetheless. A new GAO study cited a number of security flaws, including:
  • "[F]ailing to replace well-known vendor-supplied passwords on systems to not encrypting sensitive information to not creating adequate audit logs to track activity on their systems" (as CNET News reports).
  • Among the worst of the federal agencies are the State and Commerce departments. For their "efforts" to comply with the Federal Information Security Management Act of 2002, each received a grade of "F". I think Foggy Bottom can forget all about the prom this year.
  • The Department of Homeland Security earned a "D" in information security.
  • Hidden good news in the above Bullet Point o' Trouble ("good" being used loosely here): It's the first time ever that Homeland didn't get an "F"! Thank you, Sylvan Learning Center!

All kidding aside, it boggles the mind that our federal agencies continue to expand the definition of incompetence when it comes to protecting sensitive information on their networks. Let's hope a new Congress can force positive change.
     
