Government Agencies Fail Computer Security Review

Article excerpt

WASHINGTON -- A fourth of the government's major agencies, including the departments of Justice, Labor, Interior, Agriculture and Health and Human Services, flunked a computer security review.

The F's given to seven of the 24 major agencies, based on agency-reported data and General Accounting Office and the Inspector General audits, led to a government-wide grade of D-, said Rep. Stephen Horn, R-Calif., chairman of the House Government Reform Committee's technology subcommittee.

The departments that flunked all keep important computer data, said Horn, who called the scores the first government-wide assessment of computer security.

"The Department of Labor, charged with maintaining vital employment statistics, an F. The Department of the Interior, which manages the nation's public lands, an F," said Horn, as his staffers passed out fake report cards to the media.

"The Department of Health and Human Services that holds personal information on every citizen who receives Medicare, another F. Agriculture and Justice, the Small Business Administration and the Office of Personnel Management, the personnel office for the entire federal government, all F's."

All 24 agencies has significant problems in allowing unauthorized access to sensitive information, said Joel Willemssen, director of the GAO's accounting and information management division. Auditors proved that point by trying to hack into government computers from remote locations.

"Our auditors have been successful, in almost every test, in readily gaining unauthorized access that would allow intruders to read, modify or delete data for whatever purpose they have in mind," the GAO report said.

The agencies aren't good at monitoring access inside their own work forces, either, the report said.

At one unnamed agency, all 1,100 computer users were granted access to sensitive system directories and settings, while at another agency, 20,000 users had been provided access to one system without written authorization, the GAO report said.

"Federal agencies have serious and widespread computer security weaknesses," Willemssen said. …