Agencies Still Fail to Take Steps to Secure Information Systems

A panel of government officials and industry security experts say the computer systems and networks at nearly all major federal agencies are still vulnerable to cyberattack, which means most still don’t have comprehensive security programs to protect sensitive information.

In an article on the NextGov.com website, Jill R. Aitoro says the experts made the remarks in front of a House subcommittee last week. She says James Lewis, director of the technology and public policy program at the Center for Strategic and International Studies, told the subcommittee that agencies aren’t taking the potential for cyberattack seriously enough.

“My fear is that when we predict the end of the world and it does not happen, people lose interest or think the problem is not serious yet,” he said. “[There’s] an unwillingness to recognize our own vulnerabilities or admit how deeply we have been penetrated, and a certain belief in our own superiority over our opponents ...We may still be first among equals, but on bad days, I am not even sure about that.”

Aitoro says Gregory Wilshusen, director of information security issues at the Government Accountability Office (GAO), also pointed out that the GAO found weaknesses in security controls to detect, limit or prevent access to computer systems at 23 of 24 major agencies in 2008.

“An underlying cause for information security weaknesses at federal agencies is that they have not yet fully or effectively implemented key elements for an agencywide information security program,” as required under the 2002 Federal Information Security Management Act, said Wilshusen.

But who is at fault? Aitoro says members of the subcommittee blamed the Department of Homeland Security for failing to enforce cybersecurity standards at the agencies.

To read the full article, click here: http://www.nextgov.com/nextgov/ng_20090505_6514.php