Skip to site navigation Skip to main content Skip to footer content Skip to Site Search page Skip to People Search page

Bylined Articles

Computer (in)security: good enough for government work

By Eric J. Sinrod
February 23, 2005
USAToday.com

Computer (in)security: good enough for government work

By Eric J. Sinrod
February 23, 2005
USAToday.com

Read below

Who you are going to call when it comes to computer security? Not the federal government, according to grades given to the largest agencies and departments under the Federal Information Security Management Act (FISMA). Indeed, the government-wide grade was a D+ for 2004.

The following departments received a resounding F for 2004 computer security: Commerce, Veterans Affairs, Agriculture, Health and Human Services, Energy, Housing and Urban Development and Homeland Security (ironic, no?). Of this group, Veterans Affairs fell from the C it earned in 2003, and Commerce dropped from its 2003 C-minus.

NASA and the Small Business Administration earned D-minus grades for 2004. The latter fell from its 2003 C-minus, while the former held steady from its 2003 D-minus score.

The Department of Defense (are you feeling secure yet?) earned a D for 2004, as it did in 2003, and the Department of Treasury improved from its 2003 D to a 2004 D+, while the Department of State (comforting!) improved from its 2003 F to a 2004 D+.

The Office of Personnel Management earned a C-minus, the Department of Education merited a C, and the General Services Administration, the National Science Foundation, and the Department of Interior received C+ grades. Of this group, the only real improvement goes to the Department of Interior, which climbed from its 2003 F. Strikingly, the National Science Foundation fell from its 2003 A-minus.

The Department of Labor and the Department of Justice received B-minus grades for 2004, which was a strong improvement from the latter's 2003 F grade, whereas the former had a higher grade in 2003.

The Social Security Administration and the Environmental Protection Agency earned B grades for 2004, which was a decline for the latter but an improvement for the former from 2003.

The Nuclear Regulatory Commission received a B+ grade for 2004, which sounds good. However, it received an A in 2003.

The Department of Transportation was a bright spot, receiving an A-minus grade for 2004, up from a D+ grade in 2003. Likewise, the Agency for International Development earned an A+ grade in 2004, much improved over its C-minus 2003 grade.

Plainly, these grades are in the main unacceptable. The failures in federal computer security must be identified and appropriate resources should be dedicated to create true government computer security. This, obviously, is one area where money can be spent at home to help our security.

Eric Sinrod is a partner in the San Francisco office of Duane Morris (www.duanemorris.com), where he focuses on litigation matters of various types, including information technology disputes. His column appears Wednesdays at USATODAY.com. His Web site is www.sinrodlaw.com, and he can be reached at . To receive a weekly e-mail link to Mr. Sinrod's columns, please send an e-mail with the word Subscribe in the Subject line to .

Reprinted here with permission from USAToday.com.