Failing grades on cybersecurity for federal govt.

An industry alliance has given the Bush Administration failing grades on cybersecurity efforts, saying the government has done little to enhance consumer or business security.

In its Agenda 2006 document, the Cyber Security Industry Alliance grades the government on how well it has responded to the key subjects the group laid out a year ago. The answer: not well. The Washington Post has more.

Here's the rundown:

  • Establish a new cyber security post in the Department of Homeland Security
Position created but never filled.
Grade: C

  • Ratify the Council of Europe’s Convention on Cyber Crime
Senate Foreign Relations Committee referred Convention to Senate for ratification but no vote has been taken.
Grade: B

  • Promote information security corporate governance in the private sector
Little to no action.
Grade: D

  • Lead by example in federal procurement practices
OMB may establish a separate line of business for cyber security, and an interim rule requires agencies to plan for security and seek advice from security professionals; however, enforcement is unclear.
Grade: C

  • Closing the strategic gap between the government and private sector information security efforts
The Federal government is too focused on collecting information relevant only to the security of national security systems; it must include data for the private sector to effectively improve information security.
Grade: D

  • Strengthen information sharing
Little action by the Federal government, while legal and organizational issues continue to cause uncertainty in the private sector, slowing information sharing mechanisms.
Grade: D

  • Establish and test a survivable emergency coordination network
DHS established the Homeland Security Information Network-Critical Infrastructure (HSIN-CI), but the network is Internet-based and subject to outage.
Grade: C

  • Direct a federal agency to track costs associated with cyber attacks
Little action, though DHS is sponsoring limited economic analysis of the cost of cyber attacks and Justice has initiated a survey on the costs to business of attacks.
Grade: D

  • Increase R&D funding for cyber security
Despite a presidential panel that declared a crisis in cyber security R&D, funding remains flat and clear priorities absent.
Grade: D

  • Fund authorized responsibilities for NIST and OMB
Appropriated funding does not cover statutory responsibilities for cyber security by these agencies.
Grade: D

  • Improve the quality of software cyber security by strengthening NIAP Certification
A study by DoD and DHS on the effectiveness of NIAP was not shared with the public, so no data is available to show how NIAP certification improves information assurance.
Grade: F

  • Secure Digital Control Systems
DoE and DHS are creating a roadmap to secure energy controls and are funding digital control systems testbeds.
Grade: C

