Oversight panel gives feds failing grades on cybersecurity reforms

Federal government agencies are failing to properly manage and secure their IT systems and acquisitions, according to a new scorecard released Wednesday by the House Oversight Committee.

"For decades the federal government has operated with poorly managed and outdated IT infrastructure,” committee members said in a statement. “Cyberattacks are a real threat to this country. Federal agencies must act now.”


The scorecard ranks agencies on the implementation of four key provisions of the Federal Information Technology Acquisition Reform Act (FITARA), which was enacted in December 2014.

The law was intended to reform the federal IT acquisition process and cut down on wasteful spending on outdated legacy technology.

The report card graded agencies on their progress in consolidating data centers, cutting down on duplicative spending, enhancing agency CIO authorities and providing project risk assessments.

The Department of Corrections and the General Services Administration received the highest grade — a B — while the departments of Energy and Education and NASA all received failing grades.

The Department of Homeland Security, seen to have some of the best cybersecurity practices of the federal government, received a C.

The State Department, recently embroiled in controversy surrounding former Secretary Hillary Clinton’s use of a private server, was saddled with a D grade.

The IT practices of federal agencies have been under fierce scrutiny in the wake of the devastating breach of the Office of Personnel Management (OPM) revealed this spring. The agency was widely seen to have “left the barn door open” from a data security perspective, allowing hackers to pilfer the records of 21.5 million federal employees and others.

OPM received a D on the FITARA scorecard.

The Oversight Committee — led by Chairman Jason Chaffetz (R-Utah) — has been out front in demanding accountability for the OPM hack.

Information Technology Subcommittee Chairman Will Hurd (R-Texas) has indicated that the committee will be ramping up its oversight of federal cybersecurity practices.

Speaking at a conference in September, Hurd said that ensuring a robust federal IT infrastructure is an area where he has “a lot of latitude” — and he expects to be exercising that authority in the coming months.

“Congress is doing a better job of playing our oversight role and you’re going to be seeing that,” Hurd said.

The committee will hold a hearing on the implementation of FITARA on Wednesday afternoon, expected to be the first of several on the subject.