U.S. Agencies Earn D+ on Computer Security

MirrororriM writes "Seven of the 24 largest agencies received failing grades, including the departments of Energy and Homeland Security. The Homeland Security Department encompasses dozens of agencies and offices previously elsewhere in government but also includes the National Cyber Security Division, responsible for improving the security of the country's computer networks. 'Several agencies continue to receive failing grades, and that's unacceptable,' said Rep. Tom Davis, R-Va., the committee's chairman. 'We're also seeing some exceptional turnarounds.'"

The NSA?

[tajmorton]

What about the NSA? I'm sure that they take computer security a little more seriously. - Taj

Re:The NSA?

[digitalchinky]

Not really. Only the public interfaces.

Internally if you are cleared to see a certain group of things, the security is not so complex.

If you need access to VRK/TK type stuff, you get anal probing prior to accessing the restricted area - airgap with a big chunk of concrete thrown in the mix.

Why have 'huge' internal security when 'the man' already spends six months getting chatty with your friends, teachers, family, relatives, long lost loves from childhood, just to see if you can really be trusted with a clearance?

A TS clearance basically means you are 'trustworthy' - or you go to jail. Security vetting gets repeated every couple of years - sucks when you're in the Military and they want to know who your bestest work friends are that you've known for at least ten years.