Report: Government Agencies Not Doing Enough To Protect IT Systems

NASA and the U.S. Department of State were among the federal agencies that received low marks on IT security, according to a recent report card issued by the New York-based firm Security Scorecard. Also receiving low grades were the states of Connecticut, Pennsylvania and Washington.

The 2016 U.S. Government Cybersecurity Report, released earlier this month, analyzed the cybersecurity vulnerabilities of some 600 local, state and federal government agencies. It found that government organizations perform poorly in information security compared to private-sector enterprises in transportation, retail, healthcare and other industries.

Security Scorecard put a special focus on NASA, the Federal Bureau of Investigation and the Internal Revenue Service, all of which have been hit by significant data breaches this year. Across the board, government agencies struggled most with malware infections, network security and the timing of regular software patches, the report found.

'Too Many are Exposed'

Security Scorecard was founded in 2013 by Aleksandr Yampolskiy and Sam Kassoumeh, both information security veterans of the Gilt Groupe members-only sale-of-the-day site. Gilt Groupe was acquired earlier this year for $250 million by the Hudson's Bay Company, a Canadian retail business group.

According to Security Scorecard's Web site, the company uses three sources of information -- proprietary data, raw data feeds of publicly available open-source malware intelligence and other threat intelligence data feeds -- to assess security performance. It grades sites based on hacker chatter, DNS (Domain Name System) health, presence of vulnerable applications, server-side vulnerabilities, use of corporate credentials on social networks and other metrics.

A Security Scorecard spokesperson told us that the company has also built sinkhole infrastructures that reverse engineer malware and capture related data. "[Our] honeypots are intentionally insecure systems created to monitor various types of attacks. This gives [us] an outside-in perspective that non-intrusively uncovers millions of vulnerability data...
