Government
Failing grades on cybersecurity for federal govt.
An industry alliance has given the Bush Administration failing grades on cybersecurity efforts, saying the government has done little to enhance consumer or business security.
An industry alliance has given the Bush Administration failing grades on cybersecurity efforts, saying the government has done little to enhance consumer or business security. In its Agenda 2006 document, the Cyber Security Industry Alliance grades the government on how well its responded to the key subjects the group layed out a year ago. The answer: not well. The Washington Post has more
Here's the rundown:
Here's the rundown:
- Establish a new cyber security post in the Department of Homeland Security
Position created but never filled.
Grade: C
- Ratify the Council of Europe’s Convention on Cyber Crime
Senate Foreign Relations Committee referred
Convention to Senate for ratification but no
vote has been taken
Grade: B
- Promote information security corporate governance in the private sector
Little to no action
D
- Lead by example in federal procurement practices
OMB may establish a separate line of business for cyber security; and an interim rule requires agencies to plan for security and seek advice from security professionals, however enforcement is unclear.
C
- Closing the strategic gap between the government and private sector information security efforts
The Federal government is too focused on
collecting information relevant only to the
security of national security systems; it must
include data for the private sector to
effectively improve information security
D
- Strengthen information sharing
Little action by the Federal government while legal and organizational issues continue to cause uncertainly in the private sector – slowing information sharing mechanisms
D
- Establish and test a survivable emergency coordination network
DHS established the Homeland Security
C
Information Network-Critical Infrastructure
(HSIN-CI), but the network is Internet-based
and subject to outage.
- Direct a federal agency to track costs associated with cyber attacks
Little action, though DHS is sponsoring limited
economic analysis of the cost of cyber
attacks and Justice has initiated a survey on
the costs to business of attacks
D
- Increase R&D funding for cyber security
Despite a presidential
panel that declared a
crisis in cyber security R&D, funding
remains flat and clear priorities absent
D
- Fund authorized responsibilities for NIST and OMB
Appropriated funding does not cover statutory
D
responsibilities for cyber security by these
agencies
- Improve the quality of software cyber security by strengthening NIAP Certification
A study by DoD and DHS on the effectiveness
of NIAP was not shared with the public, so
no data is available to show how NIAP
certification improves information assurance
F
- Secure Digital Control Systems
DoE and DHS are creating a roadmap to
secure energy controls and are funding
digital control systems testbeds
C