Slashdot Mirror

← Back to Stories (view on slashdot.org)

U.S. Agencies Earn D+ on Computer Security

Posted by CowboyNeal on from the but-it-still-passes dept.

MirrororriM writes "Seven of the 24 largest agencies received failing grades, including the departments of Energy and Homeland Security. The Homeland Security Department encompasses dozens of agencies and offices previously elsewhere in government but also includes the National Cyber Security Division, responsible for improving the security of the country's computer networks. 'Several agencies continue to receive failing grades, and that's unacceptable,' said Rep. Tom Davis, R-Va., the committee's chairman. 'We're also seeing some exceptional turnarounds.'"

8 of 190 comments (clear)

  1. Well Slashdot earns a F for uptime by Anonymous Coward · · Score: -1, Offtopic

    503 Service Unavailable

    The service is not available. Please try again later.

    Give them a little credit when you can't do any better :)

  2. and... by Anonymous Coward · · Score: 0, Offtopic

    this surprises anyone?

  3. Re:Psst... by Anonymous Coward · · Score: -1, Offtopic

    holy shit, i got FP!

  4. FOIA makes computer security mute by Dancin_Santa · · Score: -1, Offtopic

    (First off, let's just get out of the way the fact that if they were using Macintoshes instead of Windows, they'd be secure by default.)

    But in another related vein, the Freedom of Information Act makes the process of hacking into a government computer system essentially mute. Whereas it took a lot of effort to break in and sirens went off when you were caught, now it is just a matter of saying "I want XYZ information" and the government hands it over on a silver platter.

    Since computer security is the least of the problems that the DHUD faces, perhaps they'd better spend money on training their officers rather than buying the latest and greatest obsolete laptops for their chiefs.

  5. SLASHDOT by Anonymous Coward · · Score: -1, Offtopic

    OMG this site sucks

  6. Responsibility and Enforcement by nboscia · · Score: 1, Offtopic

    I wish the government wouldn't be singled-out as this is a universal problem, no matter who owns the computer. The underlying problem, IMO, is that too many people want adminstrator rights to systems who know nothing about how to be an administrator. There's no one to enforce security policies and there are no realistic training requirements or credentials for users who operate these systems. This has become an increasing problem in the workplace as the number of systems and their pseudo-admins grow.

    As many have said, someone MUST be held accountable for their lack of responsibility. If the admins/users wish to be lazy, and no one forces them not to be, then what's the motivation to be security-conscious? In businesses, government, institutions, only well-trained and competent people should be allowed to manage any device on the network. Many people think they are administrators, but just knowing how to update a system doesn't make you a good admin, and most don't even realize all the different layers of security that need to be considered. For home users, (I'll probably get bashed for this), the ISP's should play a bigger role in making sure their customers are responsible for any damage they cause, or even be the ones to offer security services to customers. I people would be double-checking access logs and services, running scans, and doing updates more frequently if they could be fined, fired, or otherwise held responsible for not keeping things secured.

  7. Not Approved! by Anonymous Coward · · Score: -1, Offtopic

    D-

  8. Re:Oh, the dreaded D+ by WhatAmIDoingHere · · Score: 0, Offtopic

    You get a D+ in spelling.. "You're"

    --
    Not a Twitter sockpuppet... but I wish I was.