Information Security News mailing list archives

Federal security misses the mark


From: William Knowles <wk () C4I ORG>
Date: Wed, 13 Sep 2000 02:53:57 -0500

http://www.fcw.com/fcw/articles/2000/0911/web-grade-09-12-00.asp

BY Diane Frank
09/12/2000

Rep. Stephen Horn (R-Calif.) gave the government a D-minus in his
first set of grades issued on the state of agencies' computer security
practices.

In issuing the grades Monday, Horn also promised to help agencies get
more money to help improve the security grades, which follow in the
steps of his Year 2000 preparedness report cards.

The grades are based on a self-assessment by each agency or
department, using a six-page questionnaire provided by Horn's staff on
the House Reform Committee's Government Management, Information and
Technology Subcommittee. Those answers were combined with the results
of inspector general and General Accounting Office audits and
independent evaluations performed by private-sector consultants during
the past year.

While some agencies under larger departments submitted their own
questionnaires, the committee staff and GAO rolled most into a single,
departmentwide grade from A to F that provides a "snapshot" of each
agency's security posture.

"This report card sets a baseline for future oversight and also serves
as a wake-up call for agencies," Horn said.

Agency officials are just as frustrated as everyone else when it comes
to the slow pace of security improvement, but they are dealing with
more complex issues, as every employee has become a factor in each
agency's security, said John Gilligan, chief information officer at the
Energy Department and co-chairman of the CIO Council's security
committee.

"Federal CIOs are not asleep at the wheel," he said.

Horn said he will work with the CIO Council, the Office of Management
and Budget as well as agencies to talk with congressional
authorization and appropriations committees about funding agency
security programs and cross-government initiatives. With a budget
surplus projected for the next fiscal year, now is the time for
agencies to lobby to reprogram some of that money for their security
initiatives, Horn said.

"If they're serious, this is the time to get a few million here and
there," he said.


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com