Despite some gains, Feds still struggle with cybersecurity

The federal government continues to earn poor grades for cybersecurity, according to the second annual report card issued by the Cyber Security Industry Alliance.

The alliance gave the Bush Administration and Congress three "D" grades for 2006 for its lack of progress in securing sensitive information against crime, protecting critical cyber infrastructures and maintaining federal information integrity. A year ago, the alliance handed out an F, six Ds, four Cs and a B on a similar scorecard.

"While the government has taken some positive steps forward to improve the state of information security, action has been decidedly mixed," said Liz Gasster, acting executive director of the alliance.

For example, Homeland Security Secretary Michael Chertoff's appointment of an assistant secretary for cyber security and telecommunications was a sign of progress.

But the alliance, which is funded by IT companies, noted the Homeland Security Department is falling short in coordinating protections for the Internet and other infrastructures.

"There continues to be little clarity on DHS' top priorities," the alliance said in its report. "While the problems and threats in cyberspace are vast and serious, DHS' responsibilities are narrow and critical. The Department has no clear plans, protocols and programs to deal with a large-scale cyber disaster."

For its agenda in 2007, the alliance is urging Congress and DHS to establish and fund cybersecurity priorities for the department.

One of those priorities should be the establishment of an integrated, dedicated system to monitor critical IT infrastructures, especially those involved with government databases for law enforcement and intelligence, the alliance said.

Furthermore, the department is spending only $20 million a year in the critical area of cybersecurity research and development, the report said.

The alliance also wants Congress to pass comprehensive legislation to protect sensitive information and to notify consumers if their personal data has been stolen or lost. A third priority is to strengthen the Federal Information Security Management Act.