You May Secure Your System, But Does the Goverment

Following 9/11, security became a major issue for the United States government. From airports to shipping ports, regulations were passed and scrutiny increased. However, cybersecurity, one of the biggest threats to national security, has been largely ignored. Every year 24 governmental organizations are graded based on their compliance with the Federal Information Security Management Act (FISMA). In 2006 the overall grade was a C-. While this was actually an improvement over the initial D given out in 2003, eight departments still received F’s and one, the Department of Veterans Affairs, didn’t even bother to submit an audit report. In fact the Department of Homeland Security itself only received a D in the 2006 audit.

The reason that these abysmal grades should matter to the general public is that it is their information and safety that is at risk. A study found that the Department of Homeland Security’s travel database, which contains sensitive personal information, has a number of significant security holes that leave all of its data open to attack, possibly without anyone ever knowing. However this is better than the Department of Energy, which sent classified information over the Internet.

These flaws have already resulted in major security breaches. The Department of State was hacked. The attackers installed remote access software and stole passwords and classified information. Attacks based out of China have also successfully infiltrated a number of departments including the Department of Commerce and just in the past week reports have indicated that the Chinese government was involved in an attack on the Pentagon’s computers. (http://www.securityfocus.com/news/11485). These are not isolated problems. There have been 844 significant incidents in the past two years alone. If the government truly wants to improve security, cybersecurity needs to become a focus.


See http://www.securityfocus.com/news/11472 for more information.