Oversight panel gives feds failing grades on cybersecurity reforms

Federal government agencies are failing to properly manage and secure their IT systems and acquisitions, according to a new scorecard released Wednesday by the House Oversight Committee.

“For decades the federal government has operated with poorly managed and outdated IT infrastructure,” committee members said in a statement. “Cyberattacks are a real threat to this country. Federal agencies must act now.”


The scorecard ranks agencies on the implementation of four key provisions of the Federal Information Technology Acquisition Reform Act (FITARA), which was enacted in December 2014.

The law was intended to reform the federal IT acquisition process and cut down on wasteful spending on outdated legacy technology.

The report card graded agencies on their progress in consolidating data centers, cutting down on duplicative spending, enhancing agency CIO authorities and providing project risk assessments.

The Department of Corrections and the General Services Administration received the highest grade — a B — while the departments of Energy and Education and NASA all received failing grades.

The Department of Homeland Security, seen to have some of the best cybersecurity practices of the federal government, received a C.

The State Department, recently embroiled in controversy surrounding former Secretary Hillary Clinton’s use of a private server, was saddled with a D grade.

The IT practices of federal agencies have been under fierce scrutiny in the wake of the devastating breach of the Office of Personnel Management (OPM) revealed this spring. The agency was widely seen to have “left the barn door open” from a data security perspective, allowing hackers to pilfer the records of 21.5 million federal employees and others.

OPM received a D on the FITARA scorecard.

The Oversight Committee — led by Chairman Jason Chaffetz (R-Utah) — has been out front in demanding accountability for the OPM hack.

Information Technology Subcommittee Chairman Will Hurd (R-Texas) has indicated that the committee will be ramping up its oversight of federal cybersecurity practices.

Speaking at a conference in September, Hurd said that ensuring a robust federal IT infrastructure is an area where he has “a lot of latitude” — and he expects to be exercising that authority in the coming months.

“Congress is doing a better job of playing our oversight role and you’re going to be seeing that,” Hurd said.

The committee will hold a hearing on the implementation of FITARA on Wednesday afternoon, expected to be the first of several on the subject.