Last week, I released my annual Federal government computer security grades. Government-wide, we saw signs of improvement and raised the overall grade from D+ to C-.

Some of those who covered our press event wondered how government could’ve improved its overall grade when so many key agencies — the Department of Defense (F), Department of Homeland Security (D), the Nuclear Regulatory Commission (F) and the State Department (F) — continue to score so poorly.

The improvements, especially in the case of DHS, came in large part because agencies reported they finally have a more complete inventory of their security-sensitive information equipment. You can’t protect what you don’t know you have, which is why we’ve bumped down agencies a full letter grade if they didn’t have complete inventories.

Of course, with DHS, this was no minor task. The Department, formed in the wake of 9/11, merged 22 federal agencies and more than 170,000 employees. Each agency brought its own computer systems, its own way of doing things. Finally, we’ve begun to see progress.

Sadly, this is not the case with Defense. There, just three agencies compete — Army, Air Force and Navy. But they are much farther from integrating and securing their systems than DHS. Defense is crippled by stovepiping, turf wars and stubbornness. So, although DHS soon could find itself with a grade that wouldn’t get it grounded in my house, don’t look for DOD to improve any time soon. That should worry us all.

This entry was posted on Monday, April 16th, 2007 at 12:45 pm and is filed under Homeland Security, Politics .