FREE eLETTER SIGNUP
Washington Technology Newswatch delivers the latest news to your inbox.
The National Magazine for Government Contractors.
Site Search Quickfind Go
Login | Register
Updated 1:31 PM EST August 27
CURRENT ISSUE About Us
Sprint
HOT TOPICS
Authentication/
Identity Management
Budget/Policy/Legislation
Civilian Agencies
Contract Awards
Defense
Emerging Technology
Financial Markets
Homeland Security
Industry News
Mergers/Acquisitions
Mobile/Wireless
Outsourcing
Procurement
Security
Small Business
State and Local
Telecom/IT Infrastructure
Top 100
RESOURCES
researchstore
SPONSOR SOLUTIONS

More >>

STORY TOOLS: Email this Story Print this Story Contact the Author Contact Order Reprints of this Story Reprints
Washington Technology home > web stories

05/24/05 -- 09:26 AM

Rep. Davis says more security measures needed for contractors

By Roseanne Gerin
Staff Writer

RELATED TOPICS
Civilian Agencies
Budget / policy / legislation
Outsourcing
Security
SHARE ARTICLE
Digg Digg Yahoo Yahoo
Del.icio.us Del.icio.us Google Google

Rep. Tom Davis (R-Va.) said information technology systems provided by contractors are “potential Trojan horses for cyberattacks” and called for additional measures to supplement and strengthen existing security policies for contractor-provided IT systems.

“The federal government is dependent on information technology services and systems provided by outside contractors,” Davis, the chairman of the House Government Reform Committee, said in a statement issued yesterday in response to an April 22 Government Accountability Office report on information security.

“While these contractor systems undoubtedly contribute to the effectiveness of the federal government, they are potential Trojan horses for cyberattacks unless more is done. Given the interconnectivity of systems across cyberspace, all it takes is one weak link to break the chain,” he added.

The GAO report, titled “Information Security: Improving Oversight of Access to Federal Systems and Data by Contractors Can Reduce Risk,” said that in relying on IT services and systems provided by contractors, federal agencies were not doing enough to secure their information and face a range of operational, strategic and legal risks. For example, the report said, malicious code could be inserted into agency software and systems.

The report cited that efforts to update the Federal Acquisition Regulation (FAR) to include information security requirements of the Federal Information Security Management Act of 2002 have been under way since 2002, but are still incomplete. FISMA established a framework for enhancing the effectiveness of information security controls that support federal operations and assets.

Although most federal agencies have information security policies in place for contractors, only a small part of them address oversight, Davis said. Only a few agencies use a self-assessment tool established by the National Institute of Standards and Technology to measure the status of contractors that provide IT systems, he said.

The House Government Reform Committee will examine the Office of Management and Budget’s efforts to update the FAR to include stricter information security requirements, Davis said. Amendments to facilitate implementation of the security principles that drive FISMA may be necessary, he added.


WASHINGTONTECHNOLOGY LATEST NEWS GCN.COM FCW.COM

TOP JOBS FROM LOCAL EMPLOYERS
All Top Jobs

Home | About | Advertise | Contact | Custom Media | Editorial Calendar | Events
List Rental | Privacy Policy | Reprints/Linking Policy | Subscribe | Site Map

1105 Media, Inc.

© 1996-2008 1105 Media, Inc. All Rights Reserved.