December 14th, 2005
Failing grades on cybersecurity for federal govt.
An industry alliance has given the Bush Administration failing grades on cybersecurity efforts, saying the government has done little to enhance consumer or business security. In its Agenda 2006 document, the Cyber Security Industry Alliance grades the government on how well it has responded to the key subjects the group laid out a year ago. The answer: not well. The Washington Post has more.
Here’s the rundown:
- Establish a new cyber security post in the Department of Homeland Security
Position created but never filled.
Grade: C
- Ratify the Council of Europe’s Convention on Cyber Crime
Senate Foreign Relations Committee referred Convention to Senate for ratification but no vote has been taken
Grade: B
- Promote information security corporate governance in the private sector
Little to no action
Grade: D
- Lead by example in federal procurement practices
OMB may establish a separate line of business for cyber security, and an interim rule requires agencies to plan for security and seek advice from security professionals; however, enforcement is unclear.
Grade: C
- Closing the strategic gap between the government and private sector information security efforts
The Federal government is too focused on collecting information relevant only to the security of national security systems; it must include data for the private sector to effectively improve information security
Grade: D
- Strengthen information sharing
Little action by the Federal government while legal and organizational issues continue to cause uncertainty in the private sector, slowing information sharing mechanisms
Grade: D
- Establish and test a survivable emergency coordination network
DHS established the Homeland Security Information Network-Critical Infrastructure (HSIN-CI), but the network is Internet-based and subject to outage.
Grade: C
- Direct a federal agency to track costs associated with cyber attacks
Little action, though DHS is sponsoring limited economic analysis of the cost of cyber attacks and Justice has initiated a survey on the costs to business of attacks
Grade: D
- Increase R&D funding for cyber security
Despite a presidential panel that declared a crisis in cyber security R&D, funding remains flat and clear priorities absent
Grade: D
- Fund authorized responsibilities for NIST and OMB
Appropriated funding does not cover statutory responsibilities for cyber security by these agencies
Grade: D
- Improve the quality of software cyber security by strengthening NIAP Certification
A study by DoD and DHS on the effectiveness of NIAP was not shared with the public, so no data is available to show how NIAP certification improves information assurance
Grade: F
- Secure Digital Control Systems
DoE and DHS are creating a roadmap to secure energy controls and are funding digital control systems testbeds
Grade: C










