DHS Gets Another "F" In Cyber Security 169
An anonymous reader writes "For the third straight year, the Department of Homeland Security -- which is charged with charting the federal government's cyber security agenda -- earned a grade of "F" for computer security from a key congressional oversight committee, according to a story at Washingtonpost.com. Not only did the overall government-wide computer security grade remain flat (at a barely-passing "D+" but several agencies -- mostly those on the "front lines in the war on terror" -- actually managed to fare worse this year."
Do we live in a developed country? (Score:5, Interesting)
Re:Do we live in a developed country? (Score:5, Interesting)
Speaking as an outsider (I am an Australian) I think the USA does many things very well. But because the US is a very big country, there are always plenty of stories to tell about people being incompetent. You could put any 10 European countries together and get a similar picture.
One problem, I think, is that homeland security (at least since 2001) is being built from scratch as an organisation. New outfits tend to get "business as usual" infrastructure much as would be used for an accounting firm or some such. If they went to an established agency like the FBI they might get less modern but more secure solutions.
resembles department culture as a whole? (Score:5, Interesting)
It figures. Institutions like the DHS are completely focused on administrative, paper-tiger, security. Which in the end doesn't end up in a real security for anyone, but instead a freedom-diminishing administrative load on everyone.
The National Science Foundation and the General Services Administration each saw their scores rise from a C-plus in 2004 to an A last year. The Environmental Protection Agency and the Department of Labor earned A-plus grades in 2005, up from B and B-minus respectively.
Good to see there are competent people out there, it should not be impossible. It's just sad that the more 'safety-critical' the organization is, the more sloppy they get on critical points in their organization.
They want to be attacked (Score:5, Interesting)
lawnmower racing (Score:2, Interesting)
Get some facts (Score:2, Interesting)
Re:Do we live in a developed country? (Score:3, Interesting)
Re:Do we live in a developed country? (Score:4, Interesting)
Or the 25 countries..
Hell yeah. Brussels' ineffectiveness at spending money is legendary. The regional development funds are, on the whole, pretty well used to improve infrastructure in poorer countries (for example, the current Irish economic boom has a lot to thank Brussels for), but God help anyone who tries to makes sense of the Common Agricultural Policy. That thing's an incredible black hole for money.
And that's quite apart from the notorious corruption in Brussels itself. MEPs and Brussels bureaucrats have generous expense accounts and perks, which have been... creatively used from time to time.
Part of the problem, I think, is that Brussels isn't a real government. It doesn't raise money by taxation, but by contributions from the 25 governments which do; thus it doesn't feel so directly accountable for what it does with the money. And turnouts for elections to the European parliament are generally far lower than those for the national elections, so MEPs get the (correct) impression that their constituents don't really give a damn what they do...
Is anyone really surprised by this finding? (Score:2, Interesting)
Only a few agencies improved and those agencies aren't even as significantly correlated to security as the likes of DHS, etc.
It feels a lot like hypocrisy to me, when the gov't continuously appears to be able to fail and get away with it but we normal, everyday citizens cannot "officially" get away with much at all.
I wish there was some undiscovered land to be found because I feel the spirit of Christopher Columbus wanting to escape all this seemingly irreparable beaurocracy and start anew elsewhere.
Re:Get some facts (Score:3, Interesting)
You obviously don't understand what this OMB report is all about... It's a report card on FISMA compliance, not on the level of Security inherent to the environment at any of those Agencies.
This was an auditing exercise... Not a Systems Penetration test.
The Agencies you cite from the article (NSF, GSA, EPA, and Dept. of Labor) have only demonstrated their ability to contend with the paper tiger of FISMA compliance, which is, frankly, what I'd expect from a bunch of pencil pushers and petty buearocrats of the type you'd find at any of those agencies.
I'm not defending DHS. They should be doing a better job, but as a previous poster accurately pointed out, this is not a 3-year old Department built from scratch. This is a conglomeration of 22 federal agencies that each had historical ties to other Departments until 3 years ago, and they are now in the midst of the largest "Corporate Merger" in history. If you don't think it takes some time to get your arms around something like that, I'd like to see you give it a try.