By Jay Lyman TechNewsWorld Part of the ECT News Network
03/17/06 1:37 PM PT
The U.S. House Committee on Government Reform this week issued its most recent grades for IT security among government agencies, and once again, the division charged with ensuring cyber security for the nation got an F.
The Committee said despite investment and improvement efforts, the Department of Homeland Security (DHS) was not passing the test of IT security policy and program, inventory, training and subcontracting as required by the 2002 Federal Information Security Management Act. The bad mark is the third in a row for DHS, which was joined by the departments of State, Defense, Interior, Health and Human Services, Veterans Affairs and Energy in receiving failing marks.
Departments that scored well included the Department of Labor, Social Security Administration, Environmental Protection Agency, and National Science Foundation, which all received A grades. NASA came in with a B minus.
Homeland Hiring Difficulties
The DHS has been criticized for its bureaucracy and changeover of leaders and staff. There was some hope in the security community that former Symantec (Nasdaq: SYMC) executive Amit Yoran would be able to steer the department in the right direction when he filled the post of IT Security Czar in 2003.
However, Yoran left the department, reportedly out of frustration, a year later, and the post remains vacant today.
"Congress established an assistant secretary position, but they're having trouble finding someone for it because people from the security industry don't want to get immersed in that quagmire," IT-Harvest Founder and Chief Research Analyst Richard Stiennon told TechNewsWorld. "I think it's indicative of a bigger problem that they can't hire a security professional at the level they need to."
Mitigating Risk
The latest Committee on Government Reform report card indicates DHS and other failing or near-failing departments, including the Nuclear Regulatory Commission, are not complying with federal law that requires them to enact and follow a solid security program.
Stiennon said although the poor grades might mean government sites and services could be impacted by a cyber attack or event, the more critical infrastructure in terms of military and first responders is better protected.
While much of the Internet infrastructure in the U.S. is actually owned and controlled by private industry, which is better secured, a major cyber incident would still cause great embarrassment, hearings, and "heads to roll" in the U.S., Stiennon said.
Surprise Attacks
However, Stiennon said attackers are unlikely to draw attention to their efforts, which might include industrial espionage, nationalized hacking efforts directed at the U.S., and increasingly, theft from large financial institutions and others.
"Some of the primary attackers wouldn't want [a large event]," he said. They're more likely to take a stealthy approach, he concluded.