Washington DC has been hit with yet another discouraging assessment of Uncle Sam's IT management and security practices.
The bi-annual grading of federal organizations [PDF] was released this week, and, by and large, it shows America's government bureaucrats have a lot of work to do when it comes to securing, updating, and managing their networks and data.
The grades were presented following a probe by the House Oversight Committee's Subcommittee on Government Operations into the progress of FITARA, known in its long form as the Federal Information Technology Acquisition Reform Act of 2013, which tries to get Uncle Sam's pen pushers to up their IT game.
Two bodies in particular turned in low marks this period. Both NASA and the Department of Homeland Security were handed a D- in their reports. Good thing they don't handle anything important, eh?
Sidebar: for those unfamiliar with America's grading system, marks in high school are traditionally given as letter grades, typically the highest being A+ and the lowest passing mark being a D-, with an F indicating a failing grade.
For Homeland Security, the biggest blunder was not giving its chief information officer (CIO) enough power and scope to get the job done right. The department was given an F for not gradually increasing the CIO's authority, and thus making information security more of a priority, and for its failure to let the CIO position report directly to the head of the department.
On the other hand, Homeland Security did get an A grade in keeping up with software licensing – and its compliance with the Federal Information Security Modernization Act (FISMA) was among the best of the 24 federal bodies tested. FISMA requires officials to comply with existing security industry standards.
Meanwhile, NASA got a failing mark for its transparency and risk management practices, while its FISMA compliance only warranted a D grade. The space boffins were also shamed for their inability to let the CIO report directly to the agency's head.
However, NASA did manage to earn A grades in portfolio review and software licensing.
While none of the 24 bodies were able to get an overall A on the assessment, all at least passed and seven did receive a B+: the Department of the Environment, the Department of Housing and Urban Development, the Veteran's Administration, the General Services Administration, the National Science Foundation, the Small Business Administration, and the Social Security Administration.
"For the second scorecard in a row, there are no agencies receiving a failing grade," noted committee chairman Rep Gerald Connolly (D-VA). "While there are no A grades on this scorecard, the Department of Labor (B-) and the US Agency for International Development (B-) would have each received an A+ if they had changed their reporting structure to allow for their chief information officers to report to the head or deputy head of the agency."
The report comes as federal government officials find themselves under renewed scrutiny amid reports of heightened attacks from foreign state-sponsored hacking groups such as those in Iran. Earlier this week, a review of ten years' worth of audits of US government bodies concluded that many were neglecting to address even the most basic of cybersecurity requirements. ®