Feeds

Lawmakers worry over government network breaches

Congress interests itself in cyber security

Combat fraud and increase customer satisfaction

All three agencies currently in the Congressional spotlight have had subpar grades. The Departments of Commerce and State both received an 'F' in the latest report, while the Department of Homeland Security improved its string of failing grades to a 'D' in 2006, but still has not found the resources to mitigate more than two-thirds of the flaws found in its systems, according to a report from the Department's Inspector General.

Rep. Thompson stressed that the grade should not be a mark of pride. "The American people are tired of hearing that getting a 'D' is an improvement," he said last week.

Such criticism is unlikely to subside any time soon.

On Thursday, the subcommittee will hear from the Department of Homeland Security's US-VISIT program regarding issues that the agency has had in protecting the program's database of traveler information. A report on the security of the program conducted by the Government Accounting Office (GAO) has found that the systems are "riddled with significant information security control weaknesses that place sensitive and personally identifiable information at increase risk of unauthorized disclosure and modification, misuse, and destruction possibly without detection, and place program operations at increased risk of disruption," according to Rep. Langevin.

And a handful of other incidents have attracted the attention of lawmakers. Last week, the Department of Defense shut down e-mail service to an estimated 1,500 employees following a breach, according to reports. The Department of Energy has also come under fire for allowing classified information to be sent over the public Internet.

The incidents underscore that the nation has a larger problem to deal with, Rep. Langevin said in prepared remarks opening April's hearing on the Departments of State and Commerce breaches.

"We don't know the scope of our networks. We don't know who's inside our networks. We don't know what information has been stolen," he said. "We need to get serious about this threat to our national security."

This article originally appeared in Security Focus.

Copyright © 2007, SecurityFocus

SANS - Survey on application security programs

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.