[infowar.de] WP: US agencies fail the "cyber test"
Summary of the GAO report: poor marks for
computer security in American government agencies
Agencies Fail Cyber Test
Panel Notes 'Significant Weaknesses' in Computer Security
By Christopher Lee
Washington Post Staff Writer
Wednesday, November 20, 2002; Page A23
The federal government earned a failing grade yesterday for its
agencies' poor record of protecting vital computer systems from fraud,
misuse and cyber-terrorism.
The House Government Reform subcommittee on government efficiency
flunked 14 of the 24 largest departments and agencies, whose computer
security efforts were reviewed by the General Accounting Office and
found wanting. Another seven agencies earned a D and two were given Cs.
Only one, the Social Security Administration, got a B-minus, the highest
grade awarded to one of the major agencies.
"The overall government grade is an F, the same as last year," said Rep.
Stephen Horn (R-Calif.), the panel's chairman. "While 11 of the 24
agencies have shown some improvement, overall progress is slow. . . .
[T]he federal government's systems and assets remain vulnerable."
Investigators from the GAO, the congressional watchdog group, found
"significant weaknesses" in each of the 24 agencies. Many of the
failures involved inadequate access controls, leaving sensitive
information systems and data vulnerable to tampering by disgruntled
workers or attack by thieves or terrorists.
The weak spots could, for instance, lead to the loss or theft of federal
payments and collections. Information, such as Social Security and
medical records, could be inappropriately released or copied for
criminal purposes. Thieves might be able to obtain tax records and other
personal information to establish credit and rack up debt under someone
Protection of computer systems is important if the government is to keep
functioning during terrorist attacks or other interruptions,
In general, "poor information security is a widespread federal problem
with potentially devastating consequences," the GAO found, echoing its
But the report's author, Robert F. Dacey, director of information
security issues at the GAO, noted that reports of vulnerabilities do not
necessarily mean that computer security is actually getting worse.
"They are more likely to indicate that information security weaknesses
are becoming more fully understood -- an important step toward
addressing the overall problem," Dacey wrote. "Nevertheless, the results
leave no doubt that serious, pervasive weaknesses persist."
Among agencies with the worst grades were the departments of Justice,
State, Defense and Transportation.
Kenneth M. Mead, the inspector general at the Department of
Transportation, told the House panel that the agency had improved from
last year, when it also received a failing grade. But DOT still must
improve controls over access to sensitive systems by the "more than
100,000" agency employees, contractors, grantees and industry
associations who are authorized to pass through the agency's protective
firewall and enter its computer networks, Mead said.
"DOT is making progress," Mead said. "However, based on our recent
results, more work needs to be done and management attention should be
focused on identifying computer vulnerabilities that need immediate fixing."
At the Social Security Administration, which improved from a C-plus last
year to a B-minus this year, employees must notify officials when a
computer virus or intrusion is suspected. And information security is
routinely discussed at executive meetings, said James B. Lockhart, the
agency's deputy commissioner.
"We know we cannot rest on past practice, but must be vigilant in every
way we can," he said.
© 2002 The Washington Post Company