U.S. government's cyber security grade: D

The Cyber Security Industry Alliance has slapped three 'D' grades on the U.S. government's ability to secure sensitive data, strengthen the resiliency of critical infrastructure and protect the integrity of federal information.

The grades appear to be an improvement of last year's report card when the alliance handed out an F, six Ds, four Cs and a B but the alliance say Congress' inability to pass a comprehensive federal law to protect sensitive personal information, even in the face of more than 100 million Americans having their data records exposed, is a major red flag.

From the CSIA report card (PDF):

Security of Sensitive Information: Congress ratified the Council of Europe Convention on Cyber Crime but failed to pass a comprehensive law to protect sensitive personal information. Grade: D

Security & Resiliency of Critical Information Infrastructure: The Department of Homeland Security (DHS) appointed an Assistant Secretary for Cyber Security and Telecommunications and implemented programs such as LOGIIC and Cyber Storm, but hasn't offered a clear agenda on the Department's top cyber security R&D priorities or established a survivable emergency coordination network to handle a large-scale cyber security disaster. Grade: D

Federal Information Assurance: Government continues to offer a mixed bag of successes and failures, with progress within OMB and implementation of HSPD-12, but much improvement is needed in the areas of using the power of procurement, resolving systemic telework issues, and releasing information on the cost of cyber attacks. Grade: D