Homeland Security gets an “F” on cybersecurity

I was going to say something like “three Fs and you’re out,” but we are stuck with them and their cute little color-coded scare scheme, so be it. The Department of Homeland Security was graded a complete failure on computer security, as judged by the House Government Reform Committee.

Of course, this is the third year in a row that DHS blew it, but they weren’t alone. Also failing miserably (with “Department of” included for emphasis):

– Department of Agriculture
– Department of Defense
– Department of Energy
– Department of Health and Human Services
– Department of the Interior
– Department of State
– Department of Transportation, and
– Department of Veterans Affairs.

Committee Chairman Tom Davis (R-VA) noted:

The scores are “unacceptably low.”

Get out! Did any “department” pass? Yep, the DOJ got a “D” – whew.

I didn’t even know we had a House Government Reform Committee, but I am sure they got an “A” – Congress people are proven experts at editing Wikipedia.

***UPDATE***

An obvious insider (or someone really wanting for attention) chimes in via Slashdot:

You know, DHS has many sub-organizations within it. There are different groups responsible for IT Security within the different organizations and there is nothing that says “You will do this…” because there are different requirements for each location. When you say that there is no security, are you talking about a network that is intentionally exposed to facilitate ease of use for particular tasks or one that is harboring vital information? Are you knocking the techs for the network being vulnerable or the users for writing down passwords on post-it notes? A Congressional Oversight committee says that security is lacking? Half of them don’t even know how to get into their own calendars, and get up at arms if they can’t get to their AOL e-mail from the office. They have no idea what it takes to give them what they demand, all they care about is papers that say that it has to be locked down. How many of you techs work in an environment where you can’t download drivers from an FTP site without approval and access to a specific machine that is locked down? A 2 min download takes a day to get signed off on. It may not be like this in all of DHS, but, I can tell you that there are locations where someone needs to do a review to relax the existing level of security to allow people to do some work. This whole issue is B.S. in my eyes. The only way to make a passing grade based on government standards is to kick out all of the users and build a token-ring that’s not connected to the outside world.

Interesting.

***UPDATE***

At least now we might have an answer as to why.
