Loan system gets mixed reviews
Officials at some colleges and universities remain uncertain about the helpfulness of a student loan information system run by the Education Department, according to a General Accounting Office report released last month.
Of the nearly 500 officials surveyed by GAO, 31 percent said they believed the National Student Loan Data system, which went online in February 1997, reduced the time needed for administering student financial aid. And 15 percent said they believed the system helped reduce the staff needed for administering student aid.
However, 61 percent said they believed the system made student data easier to access, and 59 percent said the system reduced the amount of paper handled in administering student aid, according to the report.
Schools use the NSLD system to report, confirm and update the enrollment status of students borrowing money. Education officials believe the system is key to determining student eligibility for federal aid. For example, GAO reported that in 1995 about 43,500 ineligible students had received more than $138 million in financial aid through Education programs.
NRC: Shift IT security research
The federal government must increase research into information technology security and create new technologies that will protect the systems that control the nation's vital services, according to a National Research Council report released last month.
The federal government, specifically the Defense Advanced Research Projects Agency and the National Security Agency, must shift away from its research on mainframes— which have dominated government IT in the past— and focus instead on ways to stem new kinds of cyberattacks that are now possible because of networked computers, the extensive use of the Internet and increased use of commercial off-the-shelf software, the report concluded.
The report, "Trust in Cyberspace," recommended that DARPA increase its focus on information security and networked system trustworthiness, especially with regard to long-term research efforts. DARPA should focus on researching the containment of security breaches, preventing denial-of-service attacks and examining cryptographic infrastructures.
GAO says Y2K threatens Medicare
The delivery of Medicare benefits and services in 2000 most likely will be interrupted because the Health Care Financing Administration is "severely behind" schedule in testing and repairing date-conversion problems in computer systems, according to GAO.
The agency is so far behind schedule in its work that as of June 30, less than one-third of Medicare's 98 mission-
critical systems had been reprogrammed, and none had been tested, GAO found. In addition, GAO found that HCFA has not developed management practices necessary to direct and monitor Year 2000 work, compounding the problem.
As a result, "it is highly unlikely that all of the Medicare systems will be compliant in time to ensure the delivery of uninterrupted benefits and services into the Year 2000," the report stated.
Nancy-Ann Min DeParle, HCFA's administrator, said the agency has made progress since June. She said 85 percent of HCFA's external computer systems, such as those that issue payments for medical services, have been fixed, and 95 percent of the agency's internal systems have been fixed.
She also announced that the agency is establishing a "war room" in Baltimore with staff dedicated to tracking Year 2000 progress and ensuring that all efforts stay on schedule.
GAO: Security holes lead to fraud
Inadequate computer security procedures and poor internal management controls at the Defense Finance and Accounting Service and throughout the Air Force have allowed government employees to embezzle more than $1 million, according to GAO.
In two reports released last month, GAO concluded that weaknesses in computer security and poor management oversight at DFAS and the Air Force allowed government payroll and contracting officials to create phony invoices, change personal payroll data and electronically route fraudulent payments to personal bank accounts.
According to GAO, of 13 known cases occurring from 1991 to 1998, six involved inappropriate levels of access to computer systems and electronic transfers of money that totaled more than $1.1 million in government funds.
According to one of the reports, "Financial Management: Improvements Needed in Air Force Vendor Payment Systems and Controls," GAO investigators identified significant gaps in computer security procedures that permitted improper access to the vendor payment system.
"The number of staff with such access is excessive and widespread throughout DFAS and the Air Force," the report says. "Computer security over the operating system and the vendor payment application for DFAS [in Denver] is weak."