For the fourth year, the House Committee on Government Reform evaluated the computer security practices of federal agencies. And for the fourth year, it looks like our federal computer security sucks.
The overall grade was “D”, with several agencies earning the coveted “F” mark. The Department for Homeland Security– evaluated for the first time– got a big fat “F”. That’s particularly interesting, as one of their missions is to secure the national computer networks. Apparently they can’t even secure their own.
So, this begs the question: we appear to be dumping vast sums of money into the Homeland Security initiatives, yet we’re constantly reading about how airport security is just as lax as ever (although far more irritating), and now it seems the computer networks are in terrible shape. What, exactly, are the money and all the new agencies doing for us?
Maybe it’s because of my vocation, but I’d argue that in the 21st century it’s computer networks that are the “targets” for the Bad Guys. Physical security is important, but no one’s going to crash a jet any more– they’re going to try to take down the power grid, or disrupt the water supply, or just throw the federal government into chaos by scrambling computer links. Cyber-terrorism and bio-terrorism are the ones to watch out for.
Sigh. If only I was in charge…