03/18/03

Government Computer News reports:

A survey released today by the Computing Technology Industry Association showed that nearly two-thirds of reported security breaches were primarily the result of human error.

The results match the findings of a new House panel focusing on IT, said Rep. Adam Putnam (R-Fla.)

“Most of the problems associated with cybersecurity are management issues,” said Putnam, chairman of the new House Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census. “It’s a people problem.”

Putnam spoke at a meeting about IT security and work force issues hosted in Washington by the Computing Technology Industry Association of Oakbrook Terrace, Ill.

Both industry and government officials stressed the need for more education and certification of IT professionals, especially in security. But calling for education is one thing and paying for it is another, the speakers said.

“We’re thrilled that they’re giving attention to this,” said Timothy Grance, manager of the Systems and Network Security Group in the National Institute of Standards and Technology’s Computer Security Division. “We’d be even happier if they’d appropriate money.”

Grance said training is a cost-efficient way to help IT administrators secure systems. Changing an infrastructure is complex and expensive. But “there is a lot of low-hanging fruit out there” that could improve security with the proper priorities and adequate personnel training, he said.

The IT security of executive branch agencies will continue to receive congressional scrutiny. Putnam said his subcommittee would hold its first hearing on cybersecurity April 8 and would continue to issue annual report cards on security, a practice started by retired Rep. Steve Horn (R-Calif.).