Leading by example

The recent U.S. Government Accountability Office (GAO) report based on input from security personnel at 24 agencies warned that the federal government is not sufficiently addressing the threats brought by spam, phishing, and spyware. Many of the agencies were oblivious to the fact that phishing and pharming, for example, are major security risks.

Emerging cyberthreats such as spam, phishing, and spyware present substantial risks to the security of federal information systems. However, agencies have not fully addressed the risks of these threats as part of their FISMA-required agencywide information security programs. Although the federal government has efforts under way to help users and the private-sector community address spam, phishing, and spyware, similar efforts have not been made to assist federal agencies. Consequently, agencies remain unprepared to effectively detect, respond, and protect against the increasingly sophisticated and malicious threats that continue to place their systems and operations at risk.

Moreover, although OMB and DHS share responsibility for coordinating the federal government’s response to cyberthreats, guidance has not been provided to agencies on when and how to escalate incidents of emerging threats to DHS’s US-CERT. As a result, incident reporting from agencies is inconsistent at best. Until incident reporting roles, responsibilities, processes, and procedures are clarified, the federal government will be at a clear disadvantage in effectively identifying, mitigating, and potentially prosecuting sophisticated and coordinated attacks that target multiple federal entities.

I don't expect every federal government agency to be ahead of the private sector in dealing with cybersecurity, but combined with the GAO report concluding that the Department of Homeland Security will "have difficulty achieving significant results in strengthening the cybersecurity of our critical infrastructures," it's apparent that cybersecurity isn't a top priority. And it won't be a top priority until after some catastrophic cyberattack occurs...

Talkback

3 comments
  • Federal employees

    In my current position, I've had to work with federal employees at certain federal organisations. They are the laziest bunch of people I have ever come across.
    zzz1234567890
    • The "C" rule for federal employees

      It takes a C average (2.0) to graduate from college. Where do the 2.0 graduates go to work after college? The government.
      Roger Ramjet
    • Not all of them are...

      Just like any company, you have your good employees and your not-so-good employees. It just seems like most government employees are of the latter type. IMHO, it stems from the fact that it takes a monumental effort to fire them.
      Patrick Jones