The 2004 Cyber Security Report Card

The Washington Post today has a story headlined Uncle Sam Gets ‘D-Plus’ on Cyber-Security. It’s not a policy story – although the government would probably get a D-plus there, too – but rather an evaluation of how well each government agency is doing with its own security initiatives. You can see the the full results here, but here are some highlights: For the fifth straight year over half the agencies received a D-plus or worse. Seven agencies flunked, five for the second straight year including the Department of Homeland Security. (Think about that for a second. The organization charged with securing the United States of America can’t secure its own network well enough to get a D-minus, let alone a gentleman’s C. And two years in a row…I could go on for a long time about this.)

One agency that did do well was the Department of Transportation, which jumped from a D-plus to an A-minus. CIO Dan Matthews said that the reason for the improvement was high-level support and near-daily meetings with the Secretary, an explanation that will no doubt resonate with any CIO who has tried to get a project done.