Cyber security (1 - 10 of 15 items)
Information Security: Agencies Need to Improve Controls over Selected High-Impact Systems
GAO-16-501: Published: May 18, 2016. Publicly Released: Jun 21, 2016.
In GAO's survey of 24 federal agencies, the 18 agencies having high-impact systems identified cyber attacks from “nations” as the most serious and most frequently-occurring threat to the security of their systems. These agencies also noted that attacks delivered through e-mail were the most serious and frequent. During fiscal year 2014, 11 of the 18 agencies reported 2,267 incidents affecting...
Information Security: IRS Needs to Further Enhance Controls over Taxpayer and Financial Data
GAO-16-590T: Published: Apr 14, 2016. Publicly Released: Apr 14, 2016.
In March 2016 GAO reported that the Internal Revenue Service (IRS) had instituted numerous controls over key financial and tax processing systems; however, it had not always effectively implemented safeguards intended to properly restrict access to systems and information. In particular, while IRS had improved some of its access controls, weaknesses remained with identifying and authenticating use...
Information Security: DHS Needs to Enhance Capabilities, Improve Planning, and Support Greater Adoption of Its National Cybersecurity Protection System
GAO-16-294: Published: Jan 28, 2016. Publicly Released: Jan 28, 2016.
The Department of Homeland Security's (DHS) National Cybersecurity Protection System (NCPS) is partially, but not fully, meeting its stated system objectives:Intrusion detection: NCPS provides DHS with a limited ability to detect potentially malicious activity entering and exiting computer networks at federal agencies. Specifically, NCPS compares network traffic to known patterns of malicious data...
Information Security: Federal Agencies Need to Better Protect Sensitive Data
GAO-16-194T: Published: Nov 17, 2015. Publicly Released: Nov 17, 2015.
Federal systems face an evolving array of cyber-based threats. These threats can be unintentional—for example, from software coding errors or the actions of careless or poorly trained employees; or intentional—targeted or untargeted attacks from criminals, hackers, adversarial nations, terrorists, disgruntled employees or other organizational insiders, among others. These concerns are further...
Information Security: Agencies Need to Improve Oversight of Contractor Controls
GAO-14-612: Published: Aug 8, 2014. Publicly Released: Sep 8, 2014.
Although the six federal agencies that GAO reviewed (the Departments of Energy (DOE), Homeland Security (DHS), State, and Transportation (DOT), the Environmental Protection Agency (EPA) and the Office of Personnel Management (OPM)) generally established security and privacy requirements and planned for assessments to determine the effectiveness of contractor implementation of controls, five of the...
Cybersecurity: Continued Attention Needed to Protect Our Nation's Critical Infrastructure
GAO-11-865T: Published: Jul 26, 2011. Publicly Released: Jul 26, 2011.
Increasing computer interconnectivity, such as the growth of the Internet, has revolutionized the way our government, our nation, and much of the world communicate and conduct business. However, this widespread interconnectivity poses significant risks to the government's and the nation's computer systems, and to the critical infrastructures they support. These critical infrastructures include sys...
Cybersecurity: Continued Attention Is Needed to Protect Federal Information Systems from Evolving Threats
GAO-10-834T: Published: Jun 16, 2010. Publicly Released: Jun 16, 2010.
Pervasive and sustained cyber attacks continue to pose a potentially devastating threat to the systems and operations of the federal government. In recent testimony, the Director of National Intelligence highlighted that many nation states, terrorist networks, and organized criminal groups have the capability to target elements of the United States information infrastructure for intelligence colle...
Information Security: Veterans Affairs Needs to Resolve Long-Standing Weaknesses
GAO-10-727T: Published: May 19, 2010. Publicly Released: May 19, 2010.
Since 1997, GAO has identified information security as a governmentwide high-risk issue. This has been particularly true at the Department of Veterans Affairs (VA), where the department has been challenged in protecting the availability, confidentiality, and integrity of its information and systems. Since the 1990s, GAO has highlighted the challenges the department has faced, including the need to...
Cybersecurity: Continued Efforts Are Needed to Protect Information Systems from Evolving Threats
GAO-10-230T: Published: Nov 17, 2009. Publicly Released: Nov 17, 2009.
Pervasive and sustained cyber attacks continue to pose a potentially devastating threat to the systems and operations of the federal government. In recent months, federal officials have cited the continued efforts of foreign nations and criminals to target government and private sector networks; terrorist groups have expressed a desire to use cyber attacks to target the United States; and press ac...
Cybersecurity: Continued Federal Efforts Are Needed to Protect Critical Systems and Information
GAO-09-835T: Published: Jun 25, 2009. Publicly Released: Jun 25, 2009.
Federal laws and policy have assigned important roles and responsibilities to the Department of Homeland Security (DHS) and the National Institute of Standards and Technology (NIST) for securing computer networks and systems. DHS is charged with coordinating the protection of computer-reliant critical infrastructure--much of which is owned by the private sector--and securing its own computer syste...