Homeland Security network gets an F
If the Department of Homeland Security were a high school student, it would be in severe danger of getting left back. For the second consecutive year the department has received a failing grade from the House Government Reform Committee for network security. The government as a whole received a D-plus, the same grade as last year.
Paul Kurtz, executive director of the Cyber Security Industry Alliance, said in a news release that the grades draw attention to something that's been a problem for a while.
"This report makes clear that major government agencies continue to run in place and make no appreciable progress," he said.
Kurtz said that the lack of progress for Homeland Security is especially bad as they are supposed to be a security leader among federal agencies.
"This begs the question: What can be done about the state of DHS cyber-security?" he said. "Hopefully they can make significant improvements before a major catastrophe."
"This year, the federal government as a whole hardly improved, receiving a D-plus yet again," said Rep. Tom Davis, R-Va., chairman of the committee. "Our analysis reveals that the scores for the Departments of Defense, Homeland Security, Justice, State -- the agencies on the front line in the war on terror -- remain unacceptably low or dropped precipitously."
Kurtz said that the committee's efforts in "holding agencies' feet to the fire" helped bring attention to poor security efforts.
Scot Montrey, communications director for the Cyber Security Industry Alliance, said that the committee's attempt to grade federal agencies on network security is useful in publicizing problems that arise.
"It's good that this is out there," Montrey said. "It's forcing the agencies to look at the issues, and creating accountability."
Montrey said that Homeland Security's grade should be especially noteworthy.
"A lot of time has gone by now" since the department's creation, he said. "It's time to start seeing some results."
According to Montrey, the lack of progress in grades among the entire government is a particular concern given how quickly new technology can bring about new threats in the form of cybercrime, spam and phishing.
"Even if everything is perfectly static, threats are continuing to rise," he said.
Montrey said that it would be beneficial for the Council of Europe's Convention on Cybercrime to finally move forward and get enacted by the U.S. Government.
The convention is merely awaiting a vote on the Senate floor. Two senators have anonymously placed holds on the convention to keep it from coming to a vote.
Montrey said that there's no obvious reason why a senator would want to keep the Convention on Cybercrime from coming to a vote.
"There are not a lot of substantive controversies to it," he said.
Montrey said the convention does not change any current U.S. law on cybercrime but codifies work between U.S. law-enforcement agencies and those overseas in order to better fight cybercrime internationally.
As a world power, "the U.S. has a responsibility to show leadership here," he said.
In addition to the Departments of Homeland Security, Justice, State and Defense, the Department of Human Health Services also got a failing grade from the committee.
On the other side, the Department of Labor, the Social Security Administration and the Environmental Protection Agency were among seven agencies receiving a grade of A.
Copyright 2006 by United Press International