Cybersecurity group gives feds failing grades

Congress needs to pass information protection law, DHS needs to prioritize cybersecurity research, FISMA needs to be strengthened, group says.
Written by Richard Koman, Contributor on
Despite all the security debacles of last year, the federal government is still woefully behind the 8-ball when it comes to protecting sensitive information. In an annual report (PDF) released yesterday the Cyber Security Industry Alliance says Congress and the Bush Administration should take aggressive actions to improve information security for citizens, industry and governments around the world, eWeek reports.
"While the government has taken some positive steps forward to improve the state of information security, action has been decidedly mixed," Liz Gasster, acting executive director and general counsel of CSIA, based in Arlington, Va., said in a statement.
In a separate Federal Progress Report for 2006, the group criticized Congress for failing to pass a comprehensive law to protect sensitive personal information, and the Department of Homeland Security for prioritizing cyber-security research and development and failing to establish an emergency coordination network to handle a large scale cyber-security disaster.
"CSIA commends the government for moving forward on several key initiatives, including the Senate's ratification of the Council of Europe's Convention on Cybercrime and the appointment of an Assistant Secretary for Cyber Security and Telecommunications," Gasster said.

"However, we are discouraged by Congress' inability to pass a comprehensive federal law to protect sensitive personal information, even in the face of more than 100 million Americans having their data records exposed. In 2007, CSIA will work even harder to urge swift action from Congress to pass this much-needed legislation."

The group also says that FISMA (the Federal Information Security Management Act) should be strengthened and that Congress should pass a law requiring the securing of sensitive personal information.

Will the new Congress perform better than the last? Gartner's John Pescatore is skeptical.

"The election season was the main interruption in Congress passing a data protection law," he said. "We believe Congress will pass a law in 2007, but odds are high that it will serve to lower the bar on data protection below the level that many states have set. Congress has a tendency to be more business and lobbyist-friendly than many state legislatures."
Editorial standards