The U.S. government flunked a computer-security review for the third consecutive year on Tuesday, showing no improvement despite increased attention from high-level officials. . .
The U.S. government flunked a computer-security review for the third consecutive year on Tuesday, showing no improvement despite increased attention from high-level officials.

Government agencies that oversee military forces, prosecute criminals, coordinate emergency response efforts and set financial policy all received failing grades from congressional investigators.

The Department of Transportation, whose computer systems guide commercial aircraft and allocate millions of dollars in highway funding, received the lowest score, 28 out of a possible 100.

Stung by a series of electronic break-ins and Internet-based attacks, Congress has voted to triple spending on cybersecurity research efforts while the Bush administration is pulling together a much-publicized set of guidelines for businesses and individuals.

But the government's own systems remain wide open, the General Accounting Office found.

Of the 24 government agencies surveyed, 15 received failing grades, while only three received a grade of C or higher. Six agencies improved their ranking over last year, but six others had lower grades.

Reports of cyberattacks have increased dramatically over the past few years, according to CERT, a computer-security institute at Carnegie Mellon University. The center expects about 97,000 attacks this year, up from fewer than 4,000 in 1998, an official said.

Mark Foreman, who oversees information technology for the Office of Management and Budget, said no new computer system purchases will get the green light unless officials show they can be secured.

Some progress has been made as senior officials have become aware of the problem, he said, but much fundamental work still needs to be done.

"We need to get into the nuts and bolts," he said.

A Social Security Administration official, whose agency's B-minus rating topped the report, said employees knew to report viruses or other problems as soon as they found them. The agency scans its computers monthly and requires users to change their passwords frequently, said James Lockhart, chief operating officer of the SSA.

At the Transportation Department, efforts have been hampered because the post of chief information officer has been vacant since January 2001, said Kenneth Mead, the agency's inspector general.

While computers at the department have been strengthened against Internet-based attacks, hackers can still worm their way in through outside contractors whose systems are connected to the department's computers, he said.

"We think that's a significant risk," Lockhart said.

The link for this article located at Reuters is no longer available.