Lieberman Raps Federal IT Security Systems

Federal agencies are failing to implement effective information security
policies and practices, and Sen. Joe Lieberman (D-Conn.) wants something done
about it. Lieberman is the author of the E-Gov Act requiring annual reports
on federal agencies’ security practices.

His comments come in the wake of the most recent Government Accountability
Office (GAO) report, which found pervasive weaknesses in almost all areas of
information security controls at 24 major agencies.

“Protecting federal computer systems and the systems that support critical
infrastructures has never been more important due to the emergence of new
and more destructive attacks,” Lieberman said in a statement. “Consequently,
it is imperative that federal agencies improve information security.”

Across the 24 federal agencies it audited, the GAO study found five major
areas of weakness: access controls, software change controls, segregation of
duties, continuity of operations planning and agency-wide security programs.

The Departments of Defense, Homeland Security, Commerce, Transportation,
Justice and Interior, the GAO states, have weaknesses in all five areas. The
law requires each agency to have policies and procedures that ensure
compliance with minimally acceptable system configuration requirements, as
determined by the agency.

The report states, “As a result [of the deficiencies], federal operations
and assets are at increased risk of fraud, misuse, and destruction and these
weakness place financial data at risk of unauthorized modification or

It added, “These weaknesses place financial data at risk of unauthorized
modification or destruction, sensitive information at risk of inappropriate
disclosure, and critical operations at risk of disruption.”

Lieberman’s E-government Act, which was signed into law in 2002,
includes the Federal Information Security Management Act (FISMA), a
toughened-up version of the Government Information Security Reform Act that
he had originally coauthored in 2000. The law establishes guidelines for
computer security throughout the federal government and provides for
oversight by both Congress and the Office of Management and Budget.
