Correction to This Article
A March 16 Business article about computer security grades given to federal agencies by a House committee incorrectly listed the 2005 grade for the Transportation Department. The department received a C-minus.

Agencies' Computer Security Sharply Criticized

By Brian Krebs
Special to The Washington Post
Thursday, March 16, 2006; Page D05

Most federal agencies that play key anti-terrorism roles are doing a dismal job of protecting their computers and information networks from hackers and viruses, according to a report to be released today by a key congressional oversight committee.

The Department of Homeland Security, which is charged with setting the government's cybersecurity agenda, earned a grade of F for the third straight year from the House Government Reform Committee, according to portions of the report obtained by washingtonpost.com. Other agencies whose failing marks went unchanged from 2004 include the departments of Agriculture, Defense, Energy, State, Health and Human Services, Transportation and Veterans Affairs.


Thomas M. Davis III called the scores unacceptable. (Jason Reed - Reuters)

The committee will award the federal government an overall grade of D-plus for computer security in 2005, a score that remains virtually unchanged from 2004.

Several agencies saw a considerable drop in their scores. The Justice Department went to a D in 2005 from a B-minus in 2004, while the Interior Department earned failing marks after getting a C-plus in 2004.

The scores are "unacceptably low," committee Chairman Thomas M. Davis III (R-Va.) said in a statement. "DHS must have its house in order and should become a security leader among agencies. What's holding them up?"

Some agencies improved. The National Science Foundation and the General Services Administration each saw their scores rise to an A last year from a C-plus in 2004. The Environmental Protection Agency and the Labor Department earned A-plus grades in 2005, up from B and B-minus, respectively.

The annual report bases the grades on the agencies' internal assessments and information they are required to submit annually to the White House Office of Management and Budget. The letter grades depended on how well agencies met the requirements set out in the Federal Information Security Management Act.

FISMA requires agencies to meet a wide variety of computer security standards, including operational details -- such as ensuring proper password management by workers and restricting employee access to sensitive networks and documents -- and to create procedures for reporting security problems.

Krebs is a staff writer for washingtonpost.com. For a complete listing of agency grades, go to http://www.washingtonpost.com/wp-srv/business/documents/fismachart.html.

