U.S. government needs new cybersecurity, Nah!!!
January 2008
U.S. government agencies need to take additional steps to protect against cybersecurity problems after a series of congressional hearings and reports exposed several weaknesses in 2007, representatives of Symantec Corp. said. The government sector, including state and local governments, accounted for 26 percent of data breaches that could lead to identity theft in the first half of 2007, according to Symantec’s latest Government Internet Security Threat Report, published in September. The U.S. Government Accountability Office (GAO) also issued about a dozen reports in the last six months criticizing federal agencies for not fully implementing the GAO’s cybersecurity recommendations. While U.S. agencies have a set of cybersecurity rules set out in the Federal Information Security Management Act, agencies are not held accountable when they have breaches, said Symantec’s vice president for the public sector. Agencies do not lose funding from Congress after cybersecurity incidents, he said. Agencies can take more steps to fix problems, he added, such as to inventory IT assets, to develop comprehensive cybersecurity plans, do systematic vulnerability testing, have a data backup plan and back up frequently. There still seems to be interest from lawmakers in agency cybersecurity and breach notification, he said. The hearings and information requests from lawmakers are bringing to light multiple attacks and breaches at agencies, he said. “There’s no real mechanism requiring agencies to report breaches,” added Symantec’s federal government relations manager.
U.S. government agencies need to take additional steps to protect against cybersecurity problems after a series of congressional hearings and reports exposed several weaknesses in 2007, representatives of Symantec Corp. said. The government sector, including state and local governments, accounted for 26 percent of data breaches that could lead to identity theft in the first half of 2007, according to Symantec’s latest Government Internet Security Threat Report, published in September. The U.S. Government Accountability Office (GAO) also issued about a dozen reports in the last six months criticizing federal agencies for not fully implementing the GAO’s cybersecurity recommendations. While U.S. agencies have a set of cybersecurity rules set out in the Federal Information Security Management Act, agencies are not held accountable when they have breaches, said Symantec’s vice president for the public sector. Agencies do not lose funding from Congress after cybersecurity incidents, he said. Agencies can take more steps to fix problems, he added, such as to inventory IT assets, to develop comprehensive cybersecurity plans, do systematic vulnerability testing, have a data backup plan and back up frequently. There still seems to be interest from lawmakers in agency cybersecurity and breach notification, he said. The hearings and information requests from lawmakers are bringing to light multiple attacks and breaches at agencies, he said. “There’s no real mechanism requiring agencies to report breaches,” added Symantec’s federal government relations manager.
posted by arkietechs at 11:32 AM
0 Comments:
Post a Comment
<< Home