Security flunks Horn's final exam

Overall, agencies earned an 'F' on Rep. Horn's latest report card on government security

The professor has given his final exam on computer security, and the results are miserable.

Overall, federal agencies earned an "F" on Rep. Stephen Horn's latest report card on government security — the same grade they earned in 2001. When he issued his first computer security report card in 2000, Horn (R-Calif.) awarded agencies an overall grade of D-.

Of the 24 federal agencies Horn graded, 14 flunked. The highest grade was a B-minus.

Agencies are increasingly reliant on computers and must do a better job of protecting their systems against hackers, viruses and other threats, Horn said.

With lax computer security, agencies are vulnerable to "ever increasing risks of fraud, inappropriate disclosure of sensitive data, and disruptions in critical operations and services," Horn warned Nov. 19 at the start of a hearing during which he issued the report card.

In recent years, Horn has resorted to issuing report cards to call attention to poor performance by government agencies on technology and other matters.

A former professor and president of California State University at Long Beach, Horn's grading system helped focus attention on certain agencies' lack of preparedness for the Year 2000 date change problem that threatened computer systems.

On the Year 2000 report cards, grades ranged from A-plus to F.

Later Horn focused on financial management, where grades were poorer. In 2001, for examples, agencies averaged only a C-minus. Then on computer security, performance plummeted.

Horn, who is chairman of the House Government Reform Committee's Government Efficiency, Financial Management and Intergovernmental Relations Subcommittee, is retiring from Congress at the end of this session. His southern California district was eliminated during redistricting earlier this year.

During the final hearing of his subcommittee Nov. 19, Horn offered a shred of faint praise for the computer security efforts of the agencies he graded.

"Eleven of the 24 agencies have shown some improvement," he said. But "overall, progress is slow." Some agencies seem to be "getting a handle on the scope of their computer security problems, but in the meantime, the federal government's systems and assets remain vulnerable," Horn said.

But even as agencies begin to understand the scope of their problems, the problems are getting worse, he said. "Reports of attacks and disruptions are growing, and they are becoming more complex and harder to trace. The number of reported computer security incidents has risen 71 percent over the last year."

Horn's computer security grades were as follows:

AGENCY GRADE
Social Security AdministrationB-
Labor Department C+
Nuclear Regulatory Commission C
Commerce Department D+
NASA D+
Education Department D
General Services Administration D
National Science Foundation D-
Environmental Protection Agency D-
Department of Health and Human Services D-
Justice Department F
State Department F
Agency for International Development F
Office of Personnel Management F
Department of Veterans Affairs F
Housing and Urban Development F
Small Business Administration F
Treasury Department F
Energy Department F
Defense Department F
Interior Department F
Agriculture Department F
Federal Emergency Management Agency F
Transportation Department F

NEXT STORY: Mississippi has a hit with portal