is presently fighting off an incurable lung cancer, think I maybe winning (mesothelioma)
OT - Earthquake 8.5 - off Jakarta, Indonesia. eom
The governmental deal EDS closed in London the other week, was using Fujitsu, who (as far as I can see) use TPMs only on a couple of their laptops. eom
eamonn! - I'm afraid that the geeky concept of the big brother threat especially here in the UK/Europe, will be one of the many big stumbling blocks Wave & TCP will have to negotiate, before any real worldwide public masses acceptance can find any sort of traction.
As far commerce is concerned, yes it's all a wow.
But greedy Joe! - has got open arms to all forms of d/loaded internet pirated free entertainment, so drm's/tpm's are regarded at this time as the 'filth', our full on WXP content could just shine a light, maybe just one of the keys to help promote the way, and get thro' that door - that is perhaps when Hollywood finally stops arguing. e/
Panic Over! - UK Banks have just announced that they will not use their keyboards anymore - only the mouse. Heeellp. e/
eamonn - Financial institutions, especially our UK variety could do with a bigtime wake up call. e/
Unclever! - Unselfish efforts - many thanks. eom/
Empty out your purses wavoids! - Now's the time to up the break even. 'Cus there won't be too many more like this in the near future. eom
"IdentiPHI Software Package
comprised of several well-known, advanced security products - is a "super bundle" that provides a high level of computer and network security management capabilities. IdentiPHI is an authentication and identity management solution that includes smart card technologies, TPM, single sign-on and card management systems.
Contact Dell for More Information About IdentiPHI"
http://www1.us.dell.com/content/topics/segtopic.aspx/verticals/security_identity_user?c=us&cs=55...
This Doma find - could now produce an overdue PR from Dell, and provide the push that's been so long coming - IMO this definitely gives off the feeling of much more! - than just the standard Wave amalgamation deal? eom.
DOMA - Nice piece of Sunday DD! - Certainly warms the cockles, roll on summer. eom/
TechScaler provides best of breed IT infrastructure products, solutions and services nationwide.
http://www.techscaler.com/
Description | Part Number | Sell Price | In Stock
Intel - Intel Desktop Board D915GEVLK: Mainboard - ATX - i915G - LGA775 Socket - UDMA100, SATA - Gigabit Ethernet - video - HD Audio | BOXD915GEVLK | $165.00 | 428
Intel - Intel Desktop Board D915GUXL: Mainboard - micro ATX - i915G - LGA775 Socket - UDMA100, SATA - Ethernet - video - HD Audio | BOXD915GUXL | $146.00 | 1321
Intel - Intel Desktop Board D915GEVL: Mainboard - ATX - i915G - LGA775 Socket - UDMA100, SATA - Ethernet - video - HD Audio | BOXD915GEVL | $149.00 | 1141
Intel - Intel Desktop Board D915GUXLK: Mainboard - micro ATX - i915G - LGA775 Socket - UDMA100, SATA - Gigabit Ethernet - video - HD Audio (pack of 10) | KD915GUXLKPAK10 | $1,608.00 | 1
Intel - Intel Desktop Board D915GAVL: Mainboard - ATX - i915G - LGA775 Socket - UDMA100, SATA - Ethernet - video - HD Audio (pack of 10) | BLKD915GAVL | $1,358.00 | 90
Intel - Intel Desktop Board D915GEVLK: Mainboard - ATX - i915G - LGA775 Socket - UDMA100, SATA - Gigabit Ethernet - video - HD Audio (pack of 10) | BLKD915GEVLK | $1,603.00 | 0
Intel - Intel Desktop Board D915GUXL: Mainboard - micro ATX - i915G - LGA775 Socket - UDMA100, SATA - Ethernet - video - HD Audio (pack of 10) | BLKD915GUXL | $1,432.00 | 8
They only had one tpm board up for grabs, the last time I checked! eom
RSA Gives eTrade Transactions Extra Layer of Security
By Dennis Fisher
March 1, 2005
http://www.eweek.com/article2/0,1759,1771196,00.asp
Following the lead of a number of European banks and financial institutions, eTrade Financial Corp. on Tuesday announced that it plans to offer its online banking customers the option of using RSA Security Inc.'s SecurID tokens as an added layer of security for online transactions.
This deal makes eTrade the first major financial institution in the United States to offer two-factor authentication to its customers, a service that many security experts and chief security officers in the financial industry see as a necessity if online banking is to continue to expand. Many banks in the U.K. and Europe offer two-factor authentication options for their customers, including a variety of different one-time password solutions.
eTrade customers who take advantage of the new offering will log on to the company's site using both their username and password and a one-time code generated by the SecurID token. The token creates a new six-digit code every minute, so a user will never use the same one twice.
Such two-factor solutions are gaining favor in a variety of industries of late, but are especially useful in sectors such as banking and finance that have been hit the hardest by phishing and other online fraud schemes. Many of these scams are designed to steal usernames and passwords and account numbers for online banking sites. But that information would be of little use if the bank also required a second form of authentication to log in.
RSA executives said that they anticipate other financial institutions following eTrade's lead on two-factor authentication.
"It is a major event. Banks in the Americas have been a little slower in getting going with this. It's been happening in Europe. I think eTrade's move validates that consumers see security as an important factor," said John Worrall, vice president of worldwide marketing at RSA, based in Bedford, Mass.
"This is an important market for us. I do expect that other organizations, whether they're banks or something else, will deploy this technology," he said.
eTrade's program, called Digital Security ID, will be a voluntary one, and the SecurID tokens will be free for customers who have more than $50,000 in assets managed by the company. The company did not say what the cost will be for customers who don't meet that requirement. eTrade, based in New York, plans to roll out the program in the second quarter.
OT Thanks Hammy! - Its bl**dy freezing down here! - Come June we may well be in front of spectacular fireworks, it's just I can't get over, our General 'has gone missing in action'! eom
Well said zen! - Poor Yayapapadoc for me a real gent'...
These Wavx years are certainly the most exciting years to be amongst, that said, how many of us here, will make it over the ever lengthening bridgeway. eom
The Dell / Wave association apart from all the other goodies, is the quite powerful prolific advertising angle to come - y'know the mostly Dell bumph that drops out of - and is in most papers/mags - very punter readable stuff, and that is of course, when we're eventually allowed some decent coverage. eom
Wavx @ 1.10 - Five years ago or whatever, this sort of all round news coverage Wave is receiving of late, just think! - that it would have taken out the $50 stock price max - upto at least the notorious $300 plus.
Bearing in mind the flux state of the markets then. IMO eom
Excellent DD buffet! - Looks like another Wave IDF slam dunk. eom
Escrow! - This story ran in our UK Sunday Times, although we have had EDS associations of sorts in the past, and Fujitsu does have tpm's in some of its laptops, I'm not convinced the deal allows for trusted computing (unfortunately) as we know it. eom
I would think - that was SKS at his best - excellent presentation IMHO. Especially liked the swipe at RSA / Verisign tokens. LOL. eom
Vacationhouse thanks - I think we're getting closer! - The many governmental departments must have been concerned with possible hard disc data removal from their machines, and this will undoubtedly shut that door. IMO eom
I see now what you mean Will! - 'Dell EMBASSY Trust Suite 1.0 Client with Software [$20]' - then to the search on 'Product details', just leaves you out in a void - obviously page hasn't been written up as yet. eom
Will! - It doesn't really jump out at you! if you scroll to the page bottom, after hitting 'customise' - you then need to hit the lower 'continue' button twice to move thro' to the 'accessories' page, and its entered just at the lower end of the page. Talk about buried ...sheeesh! eom
Market WAVX appears poised on the front foot! - Waiting for the off. eom
Could this next week be the week that was! - Icy shivers yes perhaps, but hey!! we've been due a little more leash for sometime now, it's been a long slog to date - and if some of our eminent DD posters are correct, then our next doorway has indeed been opened IMO. eom
Larger bids coming in... 18K at 1.16 - GAME ON! eom
Snackman! - Amongst the true-blues I think rightly or wrongly we've all increased our Wavx positions! - Nothing quite like a nicely balanced portfolio Lol eom
;?)
Wave Systems Demonstrates Next Generation, Secure Enterprise Software at Business Partner Conference in Las Vegas
2/25/2005 12:28:00 PM
LEE, Mass., Feb 25, 2005 (BUSINESS WIRE) -- Wave Systems Corp. (WAVX) today announced its EMBASSY(R) Trust Suite (ETS) software will be demonstrated in Booth 804 at IBM PartnerWorld 2005, February 27 - March 2, at the Mandalay Bay Resort Hotel and Convention Center, Las Vegas, NV. Business partners seeking Wave appointments and demonstrations may contact Greg Cobb at gcobb@wavesys.com.
At this business partner conference Wave will highlight the newest capabilities of its ETS software, including policy management, and management tools to enable hardware security in applications such as email and wireless authentication. Wave has designed its ETS software to be easy to use, to be interoperable across all available platforms and security chip vendors, and to offer server solution upgrades needed by enterprises and government users.
Wave's ETS secure software capabilities include:
-- EMBASSY Security Center - for establishing security policy
management to strengthen authentication to Microsoft Windows
and other secure applications with multifactor authentication
capabilities, including fingerprint biometrics.
-- Document Manager Vault - for protecting files and folders in
multiple, networked, sharable secure drives that are
compatible with Microsoft Windows Explorer.
-- Private Information Manager - for storage and automation of
user names, passwords and personal information in a secure
environment, and now supporting personal notes and multiple
identities per login for the same user.
-- SmartSignature - for digital signature of electronic contracts
in a secure environment.
-- Key Transfer Manager - for backup and protection of the
hardware encryption keys used for critical personal computer
data and integrated with the ETS applications for enterprise
needs.
-- Secure Email - for understanding and configuration of Trusted
Platform Module (TPM)-based certificates for email encryption
using Microsoft Outlook.
-- Secure EFS - for configuration of TPM-based certificates in
Microsoft's Encrypting File System file and folder encryption.
-- Secure Wireless Authentication - for understanding how to use
TPM-based certificates for strong authentication to an
802.1x-compatible wireless access point.
Wave's ETS software solutions are designed to be compliant with the Trusted Computing Group (TCG) specifications. The computer industry has shipped millions of PCs embedded with a TCG-standard chip, called the Trusted Platform Module. Wave has designed its secure business productivity software to work with all TCG-compliant TPMs commercially available.
More information about EMBASSY Trust Suite products is available through Wave at www.wave.com.
About Wave Systems
Consumers and businesses are demanding a computing environment that is more trusted, private, safe and secure. Wave is the leader in delivering trusted computing applications and services with advanced products, infrastructure and solutions across multiple trusted platforms from a variety of vendors. Wave holds a portfolio of significant fundamental patents in security and e-commerce applications and employs some of the world's leading security systems architects and engineers. For more information about Wave, visit http://www.wave.com.
Safe Harbor for Forward-Looking Statements
Except for the statements of historical fact, the information presented herein constitutes forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Such forward-looking statements involve known and unknown risks, uncertainties and other factors which may cause the actual results, performance or achievements of the company to be materially different from any future results, performance or achievements expressed or implied by such forward-looking statements. Such factors include general economic and business conditions, the ability to fund operations, the ability to forge partnerships required for deployment, changes in consumer and corporate buying habits, chip development and production, the rapid pace of change in the technology industry and other factors over which Wave Systems Corp. has little or no control. Wave Systems assumes no obligation to publicly update or revise any forward-looking statements.
All brands are the property of their respective owners.
SOURCE: Wave Systems Corp.
P'raps its only me! - but I don't remember an event progress announcement of this stature before???
.........'an overview of Wave and its progress in deploying trusted computing software and services' eom/
Wave Systems Management to Present at Wall Street Analyst Forum March 1st in New York City
2/25/2005 8:30:00 AM
LEE, Mass., Feb 25, 2005 (BUSINESS WIRE) -- Wave Systems Corp. (WAVX) announced today that its president and CEO, Steven Sprague, and its CFO, Gerard Feeney, will provide an overview of Wave and its progress in deploying trusted computing software and services at The Wall Street Analyst Forum investor conference on Tuesday, March 1st at 8:20 a.m. The conference, which is for institutional investors and analysts, will be held in New York City at the Roosevelt Hotel at Madison Avenue and 45th Street.
Those interested in Wave's conference presentation may access a live audio webcast of the presentation along with a copy of its PowerPoint presentation from Wave's website at http://www.wave.com. Please allow 15 minutes to register, download and install any necessary software. Following Wave's presentation, an audio replay will be available for approximately 30 days.
About Wave Systems Corp.:
Consumers and businesses are demanding a computing environment that is more trusted, private, safe and secure. Wave is the leader in delivering trusted computing applications and services with advanced products, infrastructure and solutions across multiple trusted platforms from a variety of vendors. Wave holds a portfolio of significant fundamental patents in security and e-commerce applications and employs some of the world's leading security systems architects and engineers. For more information about Wave, visit http://www.wave.com.
SOURCE: Wave Systems Corp.
Wave Systems Corp.
Gerard T. Feeney, 413-243-1600
info@wavesys.com
or
Jaffoni & Collins
David Collins or Richard Land, 212-835-8500
wavx@jcir.com
or
The Wall Street Analyst Forum
Alyssa Boutin, Director, 802-253-7596
aboutin@analyst-conference.com
Copyright (C) 2005 Business Wire. All rights reserved.
kitesurf - Only just heard the news about John, an aneurism is an open artery to the brain! unless caught, pretty much inoperable - I just can't believe this - over time we had got damn pretty close - I'm upset that the General has left this battle field without us, to fight on alone.
I salute you Sir! - Lt Boom
OT dhamster! - Could you let me have your updated e/m address
please Hammy. eom/
The RSA conference was last week, and several things there stood out
for me. There was a record audience, record exhibitor presence, and a
lot of buzz. RSA is the leading security conference, but security wasn't
the hot topic. Rather, the words that got everyone's attention were
identity and compliance. It was quite entertaining to hear how vendors
tried to work those two words into their presentations, as it became
quite clear the audience was interested in little else (other than maybe
wondering if some new solution for spam or viruses had shown up - not
really.)
This confirmed what I've been seeing for a few months now, the identity
industry is reaching its first inflection point. Interestingly, it seems
that although everyone realizes that compliance is driving this increase
in sales, they aren't quite sure what that means. Is it a short term
bump, or a long term trend? What does it mean for the technology? It
was clear that many of those I talked to in the industry hadn't quite
sorted it out, even though they have the information in front of them
to do so.
What causes these major inflection points - where new technology finally
causes a paradigm shift and a new marketplace emerges? For LANs, it
was the concept of the file and print server that launched first Novell,
and then the ubiquity of local area networking. The Internet was just a
collection of interesting communications technology until the Web
browser and its hyperlink approach to real-time information organization
by the end user launched first Netscape and then the ubiquity of
global networking. There are other examples of true inflection points
in computing, where new technologies changed how everyone looked at
doing things. But what is it that they all have in common (and by
implication, how can you tell when another one is about to happen?)
The underlying theme is the emergence of what I will call "a universal
application" for the new technology that creates a solution to a
problem that nearly everyone has. It was the spreadsheet that sold
the PC, because that capability solved problems for nearly everyone
in business at any level. The file and print server solved problems
of sharing information in nearly every business setting. The web browser
solved problems of information research and organization "on demand"
that exist for nearly everyone.
Two days into the RSA conference, where the attendance was up over 30%,
the desire of the attendees for "answers" was palpable. As usual in
such a setting, vendors all have "an answer" to put forth, but something
wasn't quite lining up between what the audience wanted and how the
messages were put forth. The messages occurred at a level of technical
detail most of the audience no longer has patience for. People who in
the past gloried in hearing the details, now seem to be on some other
plane, and want more packaged "solutions." Explorers, who delight in
the technology itself, are giving way to those with real needs who
just want to know what works.
Slowly, listening to what triggered questions in sessions, talking to
people and vendors on the expo floor, the reason for this attitude
change emerged - they have a universal application now, and they just
want to know how to deal with it. That application goes by the name
of automating compliance, and it is on the verge of creating a significant
paradigm shift in the way we understand networked computing.
At this year's RSA conference you could see most of "security" morphing
into a component of something larger that needs to be integrated into
a compliance solution now or face becoming an ever more isolated set of
point solutions. The talk of strong authentication may seem to be based
in "security," but in reality it is all about creating a foundation for
automating compliance and assuring auditability. Identity management is
emerging in ways it never did before - driven almost exclusively by the
need to automate compliance. "Building trust in the network" surfaces
in discussions, but again it is driven by the need to create methods
that automate compliance. Just the whiff of the word compliance in a
pitch created a marked reaction from the audience. This is what they
wanted to hear about.
When the Web browser first surfaced, it was initially seen as "another
application" of internet technology, one among many. But it wasn't long
before it was clear, *this* was the paradigm shift that made the internet
have a universal application. Only after that occurred did email
consolidate its many forms into the one we know today, dragged along
only after the web browser made it clear that the internet was the
paradigm of the future for networking. Protocol wars that had raged
for years were suddenly resolved in favor of the TCP/IP and related
internet methods, because the Web browser made it clear which station
the train to somewhere interesting was leaving from.
In early 1994, it wasn't clear when or how "the inflection point"
for internet technology would ever occur. By mid 1995 it was quite
clear, and the reason was the emergence of the universal application
of the infrastructure - the web browser. Just as "security" still
needs to chase down viruses and worms, "remote access servers" then
still needed a lot of evolution and development. But the paradigm
shift had happened, and the details of technology were suddenly just
something that just had to get worked out on the way to the real show.
From then on they were judged by how much they helped the web browser
based universal application to deploy.
Last week I got the clear picture that the first universal application
of identity infrastructure has surfaced, and that through automating
compliance a major inflection point is at hand. If I'm right, we'll
know soon, as the Digital ID World conference is only 70 days away.
And when that group of experts and end users convenes, I now suspect
that automating compliance will be animating the conversation and
taking it to a new level.
The identity conversation is about to get interesting to a whole
new (and much larger) audience, because it is now becoming seen as
the path to creating a universally needed application that nothing
else can satisfy. Fortunately, my editorial calendar has the next
issue of the Digital ID World print magazine focusing on compliance.
And the story is taking shape there quite nicely indeed.
Identity finally has its universal application - something every
business will have to implement. And this will dramatically change
identity technology and rapidly grow the identity marketplace over
the next 24 months.
http://conference.digitalidworld.com/2005/16.php
awk! - 'The integrity of the kernel OS is most likely done via a hash the value of which is stored in nonvolatile memory of the TPM.'
Would you think any of this now been compromised, to any extent? eom/ See below....
http://www.scmagazine.com/news/index.cfm?fuseaction=newsDetails&newsUID=6a327b34-1f06-4b07-95cf-...
Chinese crack SHA-1
by David Quainton
The Secure Hash Algorithm (SHA-1), previously thought of as virtually unbreakable, has been cracked by a research team from China.
The team, from Shandong University, the Chinese Academy of Sciences and Shanghai Jiaotong University, has proven SHA-1, used in the generation of digital signatures, can be compromised by a supercomputer.
"This attack builds on previous attacks on SHA-0 and SHA-1, and is a major, major cryptanalytic result," said cryptographic expert Bruce Schneier in his weblog. "It pretty much puts a bullet into SHA-1 as a hash function for digital signatures."
It was believed that some 2^80 operations would be needed to achieve a match (known as a collision). The research proves that a collision can be achieved at the much lesser figure of 2^69. A number that, although large, is breakable with today's computer technology.
Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu, who cracked SHA-1, last year released a paper discussing ways to compromise MD-4, MD-5, HAVAL and RIPEM-D, a group of other well-known algorithms.
www.schneier.com
Doma! - Your smart DD usually beats most - especially liked your other Dell find - http://66.102.9.104/search?q=cache:kHhuVRC9SeoJ:www.state.ak.us/local/akpages/ADMIN/info/plan/tmcDec.... eom
OT We could find ourselves in bed, with the Baltic mafioso LOL e/
My Lithuanian is a tad rusty! - but it looks a little like we have another strong link up with Dell brewing. eom
http://www.sonex.lt/dell/
Sonex to Distribute Wave Systems EMBASSY Trust Suite, Targeting Enterprises Interested in Trusted Computing in Eastern Europe
2/22/2005 4:00:00 AM
LEE, Mass., Feb 22, 2005 (BUSINESS WIRE) -- Wave Systems Corp. (WAVX) and Sonex Infrastructure Solutions Group (Sonex ISG) today announced that Sonex ISG will distribute Wave's EMBASSY(R) Trust Suite (ETS) software and infrastructure to enterprises interested in trusted computing solutions for personal computer security.
Sonex ISG will distribute Wave's EMBASSY Trust Suite software in Lithuania, Latvia and Estonia in eastern Europe. International group Sonex ISG consists of IT infrastructure and PC manufacturing companies "Sonex Kompiuteriai" (Lithuania), "Sonex Riga" (Latvia) and "Sonex Computers" (Estonia). Sonex ISG will host a press conference and customer seminar today in Vilnius at the Business Center Forum Palace to describe the distribution partnership and the trusted computing market opportunity.
Wave's ETS software is designed to deliver solutions compliant with the Trusted Computing Group specifications for trusted computing. Millions of PCs have been shipped by the computer industry embedded with a TCG-standard chip, called the Trusted Platform Module (TPM). TPMs serve as a platform for secure services and applications - offered by companies such as Wave. Wave has designed its secure business productivity software to work with all TCG-compliant TPMs commercially available. The hallmark of EMBASSY Trust Suite solutions is usability - designed to be easy to enable, easy to use and easy to manage by IT administrators.
"We believe that Trusted Computing is gaining strong momentum as an area of increasing importance to enterprises evaluating stronger data security," said Henrikas Genutis, CEO of Sonex ISG. "After looking at alternatives, we decided that Wave's EMBASSY Trust Suite client and server software is the best TCG-compliant solution addressing data protection, identity protection and access control needs in the enterprise."
"Sonex ISG is a Value Added Reseller with strong experience in distribution and marketing to system integrators, consultants and OEMs in eastern Europe. They represent the leading companies in the marketplace, and we are proud to have our solutions chosen by them," said Bruno Leconte, Wave vice president, sales, EMEA.
The EMBASSY Trust Suite is designed to be compatible with the Microsoft Office(R) environment, and to deliver a variety of PC-related security and productivity tasks, in an intuitive, easy-to-understand format.
Software capabilities include Document Manager Vault for securing files and folders, SmartSignature for digital signature capability for secure electronic contracts, and Private Information Manager for secure storage and management of user names, passwords and personal information. Private Information Manager is designed to intelligently retrieve data for use in web pages, logging into web sites, or for filling forms.
Also available is Wave's Key Transfer Manager, an enterprise software solution that is designed to help backup and protect the hardware encryption keys used for critical personal computer data.
More information about EMBASSY Trust Suite products is available through Wave Systems at www.wave.com/products/ets.html.
About SONEX
Sonex Infrastructure Solutions Group consists of a few IT infrastructure and PC manufacturing companies, operating in all Baltic States - Lithuania, Latvia and Estonia. The Group manufactures and sells Vector brand computers and is the largest PC manufacturer in the Baltic States. The Group's companies provide their customers with a wide range of high quality IT infrastructure products and services.
Sonex Infrastructure Solutions Group belongs to Sonex Holding - one of the largest IT products, solutions and services groups in the Baltic States. The European Bank of Reconstruction and Development (EBRD) owns 36 percent of the shares of Sonex Holding. For more information about Sonex, visit http://www.sonex.lt .
About Wave Systems
Consumers and businesses are demanding a computing environment that is more trusted, private, safe and secure. Wave is the leader in delivering trusted computing applications and services with advanced products, infrastructure and solutions across multiple trusted platforms from a variety of vendors. Wave holds a portfolio of significant fundamental patents in security and e-commerce applications and employs some of the world's leading security systems architects and engineers. For more information about Wave, visit http://www.wave.com.
Jaybeaux! - I had one in my post a couple of days ago,
(a beautiful presentation) but as I'm not a Paypal member it didn't really connect. eom
OT wavxmaster! - Yipes! sorry Buffet but that was funny!! eom
Hold on Yaya (sob)! - Wavx Cavalry are coming!
http://www.gcn.com/vol1_no1/daily-updates/35092-1.html
02/16/05
Agency IT security improves only slightly, Congress says
By Jason Miller
GCN Staff
Even with the Office of Management and Budget’s emphasis on cybersecurity over the past four years, the federal government is barely secure—and Congress is frustrated.
Seven agencies, including the Department of Homeland Security, received failing grades and five others received Ds for their efforts to secure their IT systems, according to the fifth annual Federal Computer Security Grades handed out today by Rep. Tom Davis (R-Va.), chairman of the Government Reform Committee.
Overall, agencies scored a 67.3 out of 100, which is a D+, for 2004, an improvement of 2.3 points over 2003. The committee reviewed agency Federal Information Security Management Act reports to come up with the grades.
“The vulnerabilities of our systems are significant and the potential damage that can be done is almost unspeakable,” Davis said. “A lot of agency managers view this as a cost avoidance measure instead of a bigger issue. We have made progress, but I wish agencies would move faster.”
Davis added he was frustrated by the slow progress overall, but encouraged by some individual agencies, such as the State Department. State improved its score by 30 points to a D+.
“FISMA has made us a better and more effective agency,” said State CIO Bruce Morrison. “It has been taken seriously by our executive management and that is one of the reasons we improved.”
The Transportation Department made the biggest jump going from a D+ to an A-. The Agency for International Development received the only other A, scoring a 99 out of 100.
“We came up with a methodology to use across all agencies and we vetted it with our inspector general to make sure it measured security in an appropriate way,” Transportation CIO Dan Matthews said. “Secretary [Norman] Mineta also made it a priority and strongly encouraged us to stay on track.”
The departments of Agriculture, Commerce, Energy, Health and Human Services, Housing and Urban Development and Veterans Affairs joined DHS in earning failing scores for IT security.
“DHS needs stronger management,” Davis said. “But they also have other issues on the front burner that may [cause them to] take their eye off the ball.”
Along with the report card, Davis introduced a new program to provide chief information security officers with best practices and support from the public and private sector. The CISO Exchange will bring together industry and agency security experts in quarterly meetings to discuss issues and lessons learned, and produce a report on federal IT security priorities and operational issues.
Justice Department CIO Vance Hitch and Government Reform Committee staff director Melissa Wojciak will lead the council, which will hold its first meeting in May.
“It is hard to get your grades up and keep them up,” Hitch said. “The threat increases all the time and constant effort is not enough. You have to do new and innovative things to improve your performance.”
Davis said the private-sector participants have not yet been named.
“This group provides federal CISOs with a structured forum for education, information sharing and collaboration with the private-sector IT security community,” Davis said.