The federal government should leverage its legislative and purchasing power to force rapid improvement in the state of operating system and application security and quality. And it must quickly do a better job setting itself up as a model of IT security, as called for in the government's plan to secure cyberspace.

In early December, officials at the U.S. Department of Homeland Security (DHS) sent a clear message to private industry: Improve your security, or we'll pass legislation to make you do so.

But before DHS takes action to force the private sector to do more to secure its systems, the federal government needs to do more -- much more -- to lock down its own house.

The private sector has invested billions of dollars to improve security, deploying antivirus applications, firewalls, intrusion-detection systems, virtual private networks, and high-end security event-management and correlation engines. And companies are still getting nailed by viruses, worms, and hackers. Why? I'll get to that in a second. But first, let's look at the federal government's cyber-security grades.

It's true the feds made some progress in securing their systems and networks in 2003 as compared to 2002, but that's only because the job they were doing in 2002 was so bad. In 2002, 13 federal agencies flunked IT security. This year, only eight of 24 agencies received failing grades.

The link for this article located at SecurityPipeline is no longer available.