By Matthew Weigelt
Apr. 27, 2006
Rep. Tom Davis (R-Va.) predicted a "cyber Pearl Harbor," an attack in
the future that would penetrate the federal government in some way. He
said such an attack could cause deaths or a financial breakdown.
That is why the Federal Information Security Management Act's
standards are necessary as preventive measures, despite needing tweaks
and improvements, he said at an Industry Advisory Council and American
Council for Technology luncheon in Washington, D.C.
"It's difficult, I think, for managers out there when you get so much
thrown at you," Davis said. "You've got a lot of boxes to check."
However, the standards will be forced through appropriations as
lawmakers start to cooperate, he said. Davis said he is open to
feedback on FISMA requirements.
The House Government Reform Committee, which Davis heads, releases a
FISMA report card annually, grading each agency on its compliance with
FISMA standards. It released its 2005 report card March 16.
This year, the federal government as a whole had a D-plus for computer
Karen Evans, administrator of e-government and information technology
at the Office of Management and Budget, said after the luncheon that
officials are discussing the controversy over whether the security
certification and accreditation standards meet the legislation=92s
intended goals or whether FISMA is seen simply as a requirement.
She said she believes that meeting standards is beneficial, "if you do
it in the spirit in which it was intended."
Evans directed questions about possible upcoming changes to FISMA to
According to the latest assessment of federal agencies' FISMA
compliance, weaknesses and inconsistencies in agencies' security
management practices left dangerous holes in critical infrastructures.
Notably, agencies whose missions include homeland security received
failing grades in 2005. Grades for the Defense, Homeland Security,
Justice and State departments remained below average or dropped. Of
those four departments, DHS remained level with its 2004 grade of an
F, according to the committee's rating. The other departments' grades
fell from the previous year. DOD went from a D to an F, Justice
dropped from a B-minus to a D and State fell from a D-plus to an F.
"FISMA is still viewed by some federal agencies as a paperwork
exercise," Davis said at a congressional hearing in March, when the
committee released the grades. "But these are shortsighted
InfoSec News v2.0 - Coming Soon!