GAO: Agencies Still at Security Risk

Security holes in agency computer systems still place operations and assets at risk for fraud, misuse and disruption, a top General Accounting Office official told House lawmakers during a Sept. 26 hearing on critical information technology infrastructure security.

Citing GAO reports going back to July 1999, Joel Willemssen, a managing director with the congressional watchdog agency, said federal systems are "not being adequately protected from computer-based threats, even though these systems process, store and transmit enormous amounts of sensitive data and are indispensable to many federal agency operations."

For example, Willemssen said the numerous Internet worms that have appeared in the last few months, such as Code Red, Code Red II and SirCam, have disrupted government operations. Willemssen testified before the House Government Reform subcommittee on government efficiency, financial management and intergovernmental relations.

Noting striking similarities in the nature of the weaknesses among each of the 24 agencies GAO reviewed, Willemssen said six areas need improvement:

*Access controls, to ensure only authorized individuals can read, alter or delete data.

*Software development, for assuring only authorized software programs are implemented.

*Security program management, for providing the framework for ensuring that risks are understood.

*Segregation of duties, to reduce the risk of unauthorized usage.

*Operating systems controls, to protect sensitive programs from tampering and misuse.

*Service continuity, to ensure significant disruptions.

Willemssen, who oversees IT issues for the GAO, said most agencies have remedial efforts under way, but recommended agencies should adopt "a strong agencywide security management framework" by assessing risks, promoting awareness of security polices and implementing routine tests and examinations.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.


contracts DB