U.S. agencies receive D+ cybersecurity grade

U.S. government agencies on Wednesday collectively received a D+ grade in their cybersecurity efforts, a slight improvement from the grade they received a year ago from a congressional watchdog committee.

A year ago, the U.S. government received a D grade from the House Government Reform Committee, with eight agencies receiving failing grades. For 2004, seven agencies received failing F grades, said Representative Tom Davis, a Virginia Republican and chairman of the committee.

Davis, asked during a press conference if he was frustrated with the marks, said government agencies are generally “moving in the right direction.” This is the fifth year the committee has given the cybersecurity grades.

The 2004 grades also contain significant bad news, Davis added. “We need to move faster, and I hope it won’t take some kind of cyber (attack) to crystalize everybody,” he said. Davis singled out the Department of Transportation and the Department of State as agencies that made significant progress in the past year. In December 2003, the Department of Transportation received a D+ grade; this year it received an A-. The State Department raised its grade from an F to a D+, and Davis noted that the agency just missed receiving a C.

On the other hand, the Department of Commerce’s grade declined from a C- to an F, and the Department of Veterans Affairs fell from a C to an F. The Department of Homeland Security received an F for the second straight year. Among the areas where government agencies still need to improve, according to Davis, are testing of contingency plans, configuration management, incident reporting, and specialized training for employees with security responsibilities.

“Our committee’s primary goal is to help create a 21st century government to meet 21st century challenges and fight 21st century enemies,” Davis said. “Our optimal weapon in this struggle is information — information moved within agencies and across departments.”

In a separate announcement, the Information Technology Association of America (ITAA) released a survey Tuesday showing that chief information officers (CIOs) at U.S. government agencies feel pressure to improve IT security and standardize technologies in use in their agencies.

The trade group, in its 15th annual federal CIO survey, found that CIOs report significant progress in several areas, including IT security, improved electronic government initiatives and improved planning for IT projects. However, the 44 government CIOs interviewed for the survey, conducted during the second half of 2004, said they have more work to do in many areas.

Another focus of the CIOs is transforming their work forces, said Paul Wohlleben, a partner in Grant Thornton LLP, which conducted the surveys. Many government CIOs expressed concerns that they are unable to attract and retain top technology talent, he said. CIOs are concerned that not enough employees have skills in building and running updated computer systems and networks, and that some IT employees have outdated skills, Wohlleben added. “Budgets have not supported retraining people.”

The ITAA’s survey summary is available at this site.