US cyber-security 'nearly failing'

Cyber-security in the US is "nearly failing" and has been given a "must try harder" D+ rating by the Federal government.

The US Office of Management and Budget set forth cyber-security standards in the Federal Security Management Act 2002, encouraging federal agencies to tighten their IT systems.

But government agencies are still not operating in a secure environment and have earned a nearly failing overall rating of D+.

However, as the government works to address these deficiencies, police and other civilian agencies are expected to boost cyber-security spending by 27 per cent over the next five years, according to the latest Input/Output report released today by government analyst Input.

The report noted that, although cyber-security spending grew modestly prior to 11 September, terrorist attacks changed the focus of IT spending from development and modernisation to advanced infrastructure security.

"The effects of 9/11 have changed the way federal agencies approach cyber-security," said Marcus Fedeli, manager of federal opportunity products at Input.

"Continued fear over potential terrorist attacks has caused an almost desperate need for the improvement of current standards and levels of security. New requirements will cause civilian IT security spending to grow steadily this year."

The Input/Output study highlights the limitations and shortcomings of existing cyber-security technologies including insecure VPN connections and faulty firewall protection. These vulnerabilities leave IT systems open to fraud, sabotage and destruction, according to the report.

Planned IT security spending for US civilian agencies for 2005 is roughly $1.6bn, accounting for about 17 per cent of the total civilian agencies' development, modernisation and enhancement budget for the year.

Top civilian agency spenders include the departments of Homeland Security, Health & Human Services, Energy and Transportation.

"As demonstrated by the current security evaluation, there are still important advancements to be made in the area of cyber-security, particularly within federal civilian agencies," said Fedeli.

"We expect to see these agencies rely heavily on outside contractors to provide the products and services necessary to secure IT systems government-wide.

"The need to satisfy legislative mandates will create opportunities for technology vendors to work in the public sector."