Slashdot Mirror

← Back to Stories (view on slashdot.org)

DHS Gets Another "F" In Cyber Security

Posted by ryuzaki0 on from the good-job-team dept.

An anonymous reader writes "For the third straight year, the Department of Homeland Security -- which is charged with charting the federal government's cyber security agenda -- earned a grade of "F" for computer security from a key congressional oversight committee, according to a story at Washingtonpost.com. Not only did the overall government-wide computer security grade remain flat (at a barely-passing "D+" but several agencies -- mostly those on the "front lines in the war on terror" -- actually managed to fare worse this year."

10 of 169 comments (clear)

  1. Do we live in a developed country? by bogaboga · · Score: 4, Interesting

    With all the incompetence being displayed in my government's administration, I many times wonder whether I live in a developed country. Should the meaning of "developed country" be re-defined? Remember, nothing seems to get done right in these United States of America these days.

    1. Re:Do we live in a developed country? by MichaelSmith · · Score: 4, Interesting
      I many times wonder whether I live in a developed country.

      Speaking as an outsider (I am an Australian) I think the USA does many things very well. But because the US is a very big country, there are always plenty of stories to tell about people being incompetent. You could put any 10 European countries together and get a similar picture.

      One problem, I think, is that homeland security (at least since 2001) is being built from scratch as an organisation. New outfits tend to get "business as usual" infrastructure much as would be used for an accounting firm or some such. If they went to an established agency like the FBI they might get less modern but more secure solutions.

      --
      http://michaelsmith.id.au
    2. Re:Do we live in a developed country? by Intron · · Score: 2, Interesting

      heh. Bad example. Note the FBI modernization that has been completed: 30,000 new desktop computers for $600M

      --
      Intron: the portion of DNA which expresses nothing useful.
    3. Re:Do we live in a developed country? by meringuoid · · Score: 3, Interesting
      But because the US is a very big country, there are always plenty of stories to tell about people being incompetent. You could put any 10 European countries together and get a similar picture.

      Or the 25 countries..

      Hell yeah. Brussels' ineffectiveness at spending money is legendary. The regional development funds are, on the whole, pretty well used to improve infrastructure in poorer countries (for example, the current Irish economic boom has a lot to thank Brussels for), but God help anyone who tries to makes sense of the Common Agricultural Policy. That thing's an incredible black hole for money.

      And that's quite apart from the notorious corruption in Brussels itself. MEPs and Brussels bureaucrats have generous expense accounts and perks, which have been... creatively used from time to time.

      Part of the problem, I think, is that Brussels isn't a real government. It doesn't raise money by taxation, but by contributions from the 25 governments which do; thus it doesn't feel so directly accountable for what it does with the money. And turnouts for elections to the European parliament are generally far lower than those for the national elections, so MEPs get the (correct) impression that their constituents don't really give a damn what they do...

      --
      Real Daleks don't climb stairs - they level the building.
  2. resembles department culture as a whole? by pimpimpim · · Score: 5, Interesting
    FTA: Most [agencies] are spending so much on the paperwork exercises that they don't have a lot of money left over to fix the problems they've identified.

    It figures. Institutions like the DHS are completely focused on administrative, paper-tiger, security. Which in the end doesn't end up in a real security for anyone, but instead a freedom-diminishing administrative load on everyone.

    The National Science Foundation and the General Services Administration each saw their scores rise from a C-plus in 2004 to an A last year. The Environmental Protection Agency and the Department of Labor earned A-plus grades in 2005, up from B and B-minus respectively.

    Good to see there are competent people out there, it should not be impossible. It's just sad that the more 'safety-critical' the organization is, the more sloppy they get on critical points in their organization.

    --
    molmod.com - computing tips from a molecular modeling
  3. They want to be attacked by Jeppe+Salvesen · · Score: 4, Interesting

    The departments are just waiting to be comprehensively attacked by some knuckleheads, so that their military industry sponsors can make money on further upgrading the war machine.

    --

    Stop the brainwash

  4. lawnmower racing by ActionAL · · Score: 2, Interesting

    DHS got in trouble for using taxpayer money to buy lawnmowers and having lawnmower races. What a waste of our tax money. They're probably slack on fixing their computer security so that they can ask the president for more tax payer money and he'll probably say yes, and then they'll go spend some more money buying more lawnmowers for more lawnmower races. What kinda homeland security is this?

  5. Get some facts by Anonymous Coward · · Score: 2, Interesting

    You know, DHS has many sub-organizations within it. There are different groups responsible for IT Security within the different organizations and there is nothing that says "You will do this..." because there are different requirements for each location. When you say that there is no security, are you talking about a network that is intentionally exposed to facilite ease of use for particular tasks or one that is harboring vital information? Are you knocking the techs for the network being vunerable or the users for writing down passwords on post-it notes? A Congressional Oversight committe says that security is lacking? Half of them don't even know how to get into their own calendars, and get up at arms if they can't get to thier AOL e-mail from the office. They have no idea what it takes to give them what they demand, all they care about is papers that say that it has to be locked down. How many of you techs work in an enviornment where you can't download drivers from an FTP site without approval and access to a specific machine that is locked down? A 2 min download takes a day to get signed off on. It may not be like this in all of DHS, but, I can tell you that there are locations where someone needs to do a review to relax the existing level of security to allow people to do some work. This whole issue is B.S. in my eyes. The only way to make a passing grade based on government standards is to kick out all of the users and build a token-ring that's not connected to the outside world.

    1. Re:Get some facts by Pii · · Score: 2, Interesting
      Some agencies seem to be able to manage secure thanselves without cutting themselves of from the world. From TFA, "The National Science Foundation and the General Services Administration each saw their scores rise from a C-plus in 2004 to an A last year. The Environmental Protection Agency and the Department of Labor earned A-plus grades in 2005, up from B and B-minus respectively."

      You obviously don't understand what this OMB report is all about... It's a report card on FISMA compliance, not on the level of Security inherent to the environment at any of those Agencies.

      This was an auditing exercise... Not a Systems Penetration test.

      The Agencies you cite from the article (NSF, GSA, EPA, and Dept. of Labor) have only demonstrated their ability to contend with the paper tiger of FISMA compliance, which is, frankly, what I'd expect from a bunch of pencil pushers and petty buearocrats of the type you'd find at any of those agencies.

      I'm not defending DHS. They should be doing a better job, but as a previous poster accurately pointed out, this is not a 3-year old Department built from scratch. This is a conglomeration of 22 federal agencies that each had historical ties to other Departments until 3 years ago, and they are now in the midst of the largest "Corporate Merger" in history. If you don't think it takes some time to get your arms around something like that, I'd like to see you give it a try.

      --
      For those that would die defending it, Freedom
      has a sweet taste that the protected will never know.
  6. Is anyone really surprised by this finding? by QuadZero · · Score: 2, Interesting

    I know, it's so easy (and fun!) to slam the gov't when they mess up. Lately, they seem to be messing up an awful lot (which translates into an awful lot of fun for folks like me!).

    Only a few agencies improved and those agencies aren't even as significantly correlated to security as the likes of DHS, etc.

    It feels a lot like hypocrisy to me, when the gov't continuously appears to be able to fail and get away with it but we normal, everyday citizens cannot "officially" get away with much at all.

    I wish there was some undiscovered land to be found because I feel the spirit of Christopher Columbus wanting to escape all this seemingly irreparable beaurocracy and start anew elsewhere.

    --
    Richard (aka Merwyck, aka QuaDZeRo) I blog at http://richardharlos.com