Sen. Collins: Federal Government Lags Behind on Cybersecurity

WASHINGTON, D.C.—Senate Governmental Affairs Committee Chairman Susan Collins (R-ME) today called the federal government’s failing grades on cybersecurity “unacceptable” and urged agencies to take immediate action to protect their critical computer systems and sensitive information.

“Companies protect themselves from deliberate internal and external attacks to confidential databases and computer systems—the federal government should be expected to do the same,” said Senator Collins. “While several agencies, such as the Nuclear Regulatory Commission and the National Science Foundation, have made notable progress, it is unacceptable that eight of 24 major federal agencies have failed to undertake necessary measures to safeguard their computers.”

According to the House Government Reform Subcommittee’s Federal Computer Security Report Card, most government agencies are lagging in their computer security, leaving agencies vulnerable to risks such as denial of service attacks, viruses, and hackers.

“Several agencies that oversee critical programs—like the Department of Agriculture—have had failing grades for four straight years. Since the September 11 attacks, the Administration has strengthened programs aimed at securing the nation’s food and agriculture infrastructure against terrorist attack. But the Department of Agriculture, which has responsibility for that infrastructure, has failed to secure its own computers against the threat of cyberattack.

“In preparation for Y2K, government agencies were asked to develop plans to ensure that critical systems were protected and secured,” said Senator Collins. “Have those plans fallen by the wayside? The Administration has reason to believe that cyberattacks could be part of terrorists’ game plans. We cannot afford to be caught off guard.”

Senator Collins pointed out that protecting the nation’s cyber infrastructure is required under the Federal Information Security Management Act of 2002 and its predecessor, the Government Information Security Reform Act.