Department of AgricultureDepartment of CommerceDepartment of DefenseDepartment of EducationDepartment of EnergyDepartment of Health and Human ServicesDepartment of Homeland SecurityDepartment of Housing and Urban DevelopmentDepartment of the InteriorDepartment of JusticeDepartment of LaborDepartment of StateDepartment of TransportationDepartment of the TreasuryDepartment of Veterans AffairsThe Environmental Protection AgencyGeneral Services AdministrationNational Aeronautics and Space AdministrationNational Science FoundationNuclear Regulatory CommissionOffice of Personnel ManagementSmall Business AdministrationSocial Security AdministrationU.S. Agency for International Development

What is this list you ask? All of the branches of the U.S. government?

No. Just those federal agencies who continue to report deficiencies in their information security.

In their fiscal year 2008 performance and accountability reports 20 of the 24 the above agencies noted that inadequate information system controls were either a material weakness or a significant deficiency.

In addition 23 of the 24 agencies did not have adequate controls in place to ensure that only authorized individuals could access or manipulate data on their systems and networks.

This report shows that U.S.-based networks are leading the way in cyber attacks followed closely by The People's Republic of China. Image by xo.com.

Making a typical understatement in March the Government Accountability Office reported that "the present cyber security strategy has not been fully effective in mitigating the threat."

Over the past 3 years the number of incidents reported by federal agencies has increased dramatically -- tripling from 5503 incidents reported in fiscal year 2006 to 16843 incidents in fiscal year 2008.

GhostNet: A Malware-based Cyber-Espionage Network

So what does Gregory C. Wilshusen Director Information Security Issues recommend as a fix?

The list of improvements includes:

developing a national strategy that clearly articulates strategic objectives goals and prioritiesestablishing White House leadership [emphasis mine]
publicizing and raising awareness about the seriousness of the cyber security problemfocusing more actions on prioritizing assets assessing vulnerabilities and reducing vulnerabilities than on developing additional plansbolstering public/private partnerships through an improved value proposition and use of incentives [i.e. using hackers]focusing greater attention on addressing the global aspects of cyberspaceplacing greater emphasis on cyber security research and development including consideration of how to better coordinate government and private sector effortsincreasing the cadre of cyber security professionals

Until these improvements are considered" Mr. Wilshusen concludes "our nation’s federal and private sector infrastructure systems remain at risk."

Source: Federal Information Security Issues (PDF 7 pages)

Further reading:

WSJ: Electricity Grid in U.S. Penetrated By Spies (who not only breached the electrical grid’s ramparts but also left behind software that could allow them to cripple the system.)

America's enemies have targeted its cyber vulnerabilities

The Launching of U.S. Cyber Command (CYBERCOM)

Bill Allows Obama Power to Shut Down Internet

..................................................................................