HOUSE panel flunks federal government on computer security against hackers, terrorists

<br>WASHINGTON (AP) _ Despite dramatically tighter security at U.S. buildings since the terrorist attacks, a House panel is giving the government failing marks for lax protection of federal computer networks

Friday, November 9th 2001, 12:00 am

By: News On 6

WASHINGTON (AP) _ Despite dramatically tighter security at U.S. buildings since the terrorist attacks, a House panel is giving the government failing marks for lax protection of federal computer networks against hackers, terrorists and others.

The ``F'' grade dropped from the ``D-'' that the government earned in September 2000. Fully two-thirds of federal agencies _ including the departments of Defense, Commerce, Energy, Justice and Treasury _ flunked the latest governmentwide ``computer security report card.''

The National Science Foundation, with ``B+'' marks, ranked best of the 24 largest agencies and departments; the Social Security Administration was given a ``C+'' and NASA was given a ``C-'' grade.

The grades were based on information the departments gave to the Office of Management and Budget. Under a new federal law, agencies must report regularly to OMB on their efforts to keep computers safe.

Congressional investigators from the General Accounting Office considered whether agencies had developed security policies or plans, such as limiting the ability of users to install rogue software.

The GAO routinely hacks into federal computers to test security and rarely fails. At the Commerce Department, for example, the GAO in August found some computers didn't require any passwords; some used ``password'' as the password; and entire lists of passwords were stored in plain view on the computers themselves. When one Commerce employee detected investigators trying to hack the agency's computers during their testing, he launched an illegal, electronic counterattack against the GAO.

The House Government Reform subcommittee on government efficiency, headed by Rep. Stephen Horn, R-Calif., was announcing the findings at a hearing Friday. At a hearing earlier this year, Horn complained that government has made little progress improving computer security. ``Are we going to wait until these vital systems are compromised, or worse?'' Horn asked.

The Environmental Protection Agency and State Department were given ``D+'' grades in the latest listing. The General Services Administration, Federal Emergency Management Agency and Housing and Urban Development Department earned ``D'' marks.

Other agencies that earned an ``F'' were the: Agriculture Department, Agency for International Development, Education, Health and Human Services, Interior and Labor departments, Office of Personnel Management, Small Business Administration, and the Transportation and Veterans Affairs departments.