Thursday, November 19, 2009
Feds falling behind in the race against cyber threats, GAO says
Despite increased cooperation among agencies charged with protecting the government’s information infrastructure, federal cybersecurity is failing to keep pace with the growing threat of attack from hackers, criminals and other nations, a Senate panel has been told.
The Government Accountability Office has identified weaknesses in security controls in almost all agencies for years, Gregory Wilshusen, GAO's director of information security issues, and David Powner, the agency's director of information technology management issues, told the Senate Judiciary Committee's Terrorism and Homeland Security Subcommittee Nov. 17. Agencies are falling short in their use of strong authentication, encryption, and network monitoring, they said.
“An underlying cause of these weaknesses is agencies’ failure to fully or effectively implement information security programs, which entails assessing and managing risk, developing and implementing security policies and procedures, promoting security awareness and training, monitoring the adequacy of security controls, and implementing appropriate remedial actions,” they testified. GNC