Information Security: Progress Made, but Challenges Remain to Protect Federal Systems and the Nation's Critical Infrastructure: Testimony of Robert F. Dacey, Director, Information Security Issues, before the Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census, House Committee on Government Operations [open pdf - 777KB]
This statement discusses the challenges that the US faces concerning federal information security and critical infrastructure protection (CIP). Federal agencies and other public and private entities rely extensively on computerized systems and electronic data to support their missions. CIP involves activities that enhance the security of the cyber and physical public and private infrastructures that are essential to US national security, national economic security, and/or national public health and safety. Accordingly, the security of these systems and data is essential to avoiding disruptions in critical operations, data tampering, fraud, and inappropriate disclosure of sensitive information. Further, protecting against computer-based attacks on critical infrastructures is an important aspect of homeland security. This testimony provides an overview of the increasing nature of cyber security threats and vulnerabilities and of the continuing pervasive weaknesses that led GAO to initially begin reporting information security as a governmentwide high-risk issue in 1997. It also discusses the status of actions taken by the Office of Management and Budget (OMB) to address overall weaknesses and challenges identified through its GISRA analyses. The federal government continues to need to be guided by a comprehensive improvement strategy and to identify and correct their information security weaknesses that the GISRA analyses revealed at 24 of the largest federal agencies since GAO found that these agencies still have not established information security programs consistent with legal requirements.
Government Accountability Office (GAO): http://www.gao.gov/