Security Scores
The Department of Education isn’t quite at the head of the class, but it is doing better than numerous other federal agencies on a “report card” that grades the federal government on computer security.
The Education Department received a C-plus for 2003, lifting its score from a D the previous year and an F in 2001. The improved grade also meant that the department scored higher than the governmentwide average of D, according to the “Federal Computer Security Report Card,” issued last month by the House Government Reform Committee’s subcommittee on technology.
Twenty-four federal agencies were graded on information they provided to the subcommittee, as well as on reports on computer security submitted by their respective inspectors general to the White House Office of Management and Budget, as required by a 2002 law.
The top-scoring agency, somewhat reassuringly, was the Nuclear Regulatory Commission, which received an A. The National Science Foundation got an A-minus.
Less reassuringly, eight departments received F’s, including the departments of Homeland Security and Justice.
Among the factors that figure in the subcommittee’s grades are agencies’ security procedures, employee training, and planning for continuity of operations during security threats.
William J. Leidinger, the Education Department’s assistant secretary for management and chief information officer, said he was pleased with the C-plus.
“We increased security and focused on the student- lending system, the network, which is the backbone, the financial system, and grant system,” he said. “We are wrapping up work on the Web page to make it more secure.”
He said the department improved computer security by eliminating multiple points of entry, limiting a user’s ability to move data through the system and separating staff duties so that one person doesn’t have access to everything.
Rep. Thomas M. Davis III, R-Va., the chairman of the Government Reform Committee, said computer security is a very important subject.
“For too long now, information security has taken a back seat in the collective conscience of our nation,” he said in a statement. “We must come to the stark realization that a major Achilles’ heel is our computer networks.”
—Lisa Goldstein