Congress gave the federal government's computer security effort a failing grade Tuesday amid warnings that terrorists could easily play cyber-havoc with systems controlling the nation's economy, infrastructure and defenses. "We must solve this problem and solve it quickly," said Rep. Stephen Horn, R-Lakewood, whose Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations gave 24 federal agencies an overall grade of F.
The Social Security Administration, rated B-minus, was the top performer in Horn's third annual survey of systems security. It was lauded for employing a strong chief information officer and keeping strict control over passwords and other access to its 100,000 desktop computers, which handle 35 million client transactions each workday.
The Department of Labor got a C plus, the Nuclear Regulatory Commission earned a C, and grades of D plus were given to the Department of Commerce and the National Aeronautics and Space Administration.
Barely passing Ds were issued to the Departments of Education, Health and Human Services and the General Services Administration, Environmental Protection Agency and National Science Foundation.
Failing grades were given to Defense, Justice, State, Veterans Affairs, Treasury, Energy, Interior, Transportation, Housing and Urban Development, and Agriculture, plus the Agency for International Development, Office of Personnel Management, Small Business Administration and the Federal Emergency Management Agency.
"The cyber-world and the physical world are now interconnected," said Richard Pethia, director of the Computer Emergency Response Team at Carnegie Mellon University in Pittsburgh. He noted that reported attacks on business and government computer systems nationwide are expected to top 97,000 this year, compared with 52,000 in 2001 and only 3,700 in 1998.
Pethia stressed that the majority of the incidents are linked to "recreational hackers not intent on doing damage," but warned that those actions have exposed the vulnerability of government systems to terrorist attacks.
Pethia said a terrorist hacker could release water from dams or shut down systems controlling the supplies of electricity and natural gas to entire states and regions.
Horn and several witnesses expressed concern that Pentagon command systems and those of FEMA, a key component in President George W. Bush's homeland defense strategy, both failed the subcommittee's security test.
Tuesday's hearing coincided with the release of a General Accounting Office report that found "a broad array of federal operations and assets at risk of fraud, misuses and disruption." The report found that access passwords for federal systems are rarely changed, often exchanged among employees and are often issued to outside government contractors who have not been subjected to security checks.
Mark Forman, associate director of information technology and e-government for the Office of Management and Budget, told Horn that the report card would be delivered to Bush and that bad grades "could be career threatening" to top bureaucrats.
"This is extremely important to the White House," Forman said.
Source: Daily News