GAO finds security plan lacking

Federal agencies do not have the experience, tools or legislative backing to secure their systems to the degree required by the administration's new National Plan for Information Systems Protection, according to the General Accounting Office.

The plan is "an important and positive step forward toward building the cyberdefense necessary to protect critical information assets and infrastructures," said Jack Brock, director of governmentwide and defense information systems at GAO's accounting and information management division. But there are several ways the Critical Infrastructure Assurance Office could improve it, he said this week in written testimony to the Senate Judiciary Subcommittee on Technology, Terrorism and Government Information.

The plan calls for federal agencies to be the country's models for information security practices, but GAO audits have found that 22 of the largest agencies have significant computer security weaknesses. The plan touches on solutions to a few of the key problems, but changes will not happen quickly, Brock said.

Another major problem that Congress will have to help fix is the reliance on the outdated Computer Security Act, Brock said. The act, passed into law in 1987, was not designed to handle networked environments with multiple levels of security and vulnerabilities.

The House and Senate are both working on bills to enhance IT security legislation, including the Computer Security Enhancement Act (H.R. 2413) and the Government Information Security Act (S. 1993).

"Such efforts could play and integral role in further strengthening the plan," Brock said.


  • People
    Federal 100 logo

    Announcing the 2021 Federal 100 Award winners

    Meet the women and men being honored for their exceptional contributions to federal IT.

  • Comment
    Diverse Workforce (Image: Shutterstock)

    Who cares if you wear a hoodie or a suit? It’s the mission that matters most

    Responding to Steve Kelman's recent blog post, Alan Thomas shares the inside story on 18F's evolution.

Stay Connected