Oversight panel gives feds failing grades on cybersecurity reforms

Federal government agencies are failing to properly manage and secure their IT systems and acquisitions, according to a new scorecard released Wednesday by the House Oversight Committee.

“For decades the federal government has operated with poorly managed and outdated IT infrastructure,” committee members said in a statement. “Cyberattacks are a real threat to this country. Federal agencies must act now.”


The scorecard ranks agencies on the implementation of four key provisions of the Federal Information Technology Acquisition Reform Act (FITARA), which was enacted in December 2014.

The law was intended to reform the federal IT acquisition process and cut down on wasteful spending on outdated legacy technology.

The report card graded agencies on their progress in consolidating data centers, cutting down on duplicative spending, enhancing agency CIO authorities and providing project risk assessments.

The Department of Corrections and the General Services Administration received the highest grade — a B — while the departments of Energy and Education and NASA all received failing grades.

The Department of Homeland Security, seen to have some of the best cybersecurity practices of the federal government, received a C.

The State Department, recently embroiled in controversy surrounding former Secretary Hillary Clinton’s use of a private server, was saddled with a D grade.

The IT practices of federal agencies have been under fierce scrutiny in the wake of the devastating breach of the Office of Personnel Management (OPM) revealed this spring. The agency was widely seen to have “left the barn door open” from a data security perspective, allowing hackers to pilfer the records of 21.5 million federal employees and others.

OPM received a D on the FITARA scorecard.

The Oversight Committee — led by Chairman Jason Chaffetz (R-Utah) — has been out front in demanding accountability for the OPM hack.

Information Technology Subcommittee Chairman Will Hurd (R-Texas) has indicated that the committee will be ramping up its oversight of federal cybersecurity practices.

Speaking at a conference in September, Hurd said that ensuring a robust federal IT infrastructure is an area where he has “a lot of latitude” — and he expects to be exercising that authority in the coming months.

“Congress is doing a better job of playing our oversight role and you’re going to be seeing that,” Hurd said.

The committee will hold a hearing on the implementation of FITARA on Wednesday afternoon, expected to be the first of several on the subject.