Cyber security (51 - 60 of 68 items)
Information Security: Emerging Cybersecurity Issues Threaten Federal Information Systems
GAO-05-231: Published: May 13, 2005. Publicly Released: Jun 13, 2005.
Federal agencies are facing a set of emerging cybersecurity threats that are the result of increasingly sophisticated methods of attack and the blending of once distinct types of attack into more complex and damaging forms. Examples of these threats include spam (unsolicited commercial e-mail), phishing (fraudulent messages to obtain personal or sensitive data), and spyware (software that monitors...
Critical Infrastructure Protection: Department of Homeland Security Faces Challenges in Fulfilling Cybersecurity Responsibilities
GAO-05-434: Published: May 26, 2005. Publicly Released: May 26, 2005.
Increasing computer interconnectivity has revolutionized the way that our government, our nation, and much of the world communicate and conduct business. While the benefits have been enormous, this widespread interconnectivity also poses significant risks to our nation's computer systems and, more importantly, to the critical operations and infrastructures they support. The Homeland Security Act o...
Technology Assessment: Cybersecurity for Critical Infrastructure Protection
GAO-04-321: Published: May 28, 2004. Publicly Released: May 28, 2004.
Computers are crucial to the operations of government and business. Computers and networks essentially run the critical infrastructures that are vital to our national defense, economic security, and public health and safety. Unfortunately, many computer systems and networks were not designed with security in mind. As a result, the core of our critical infrastructure is riddled with vulnerabilities...
Critical Infrastructure Protection: Challenges and Efforts to Secure Control Systems
GAO-04-628T: Published: Mar 30, 2004. Publicly Released: Mar 30, 2004.
Computerized control systems perform vital functions across many of our nation's critical infrastructures. For example, in natural gas distribution, they can monitor and control the pressure and flow of gas through pipelines. In October 1997, the President's Commission on Critical Infrastructure Protection emphasized the increasing vulnerability of control systems to cyber attacks. At the request...
Information Security: Continued Efforts Needed to Sustain Progress in Implementing Statutory Requirements
GAO-04-483T: Published: Mar 16, 2004. Publicly Released: Mar 16, 2004.
For many years, GAO has reported on the widespread negative impact of poor information security within federal agencies and has identified it as a governmentwide high-risk issue since 1997. Legislation designed to improve information security was enacted in October 2000. It was strengthened in December 2002 by new legislation, the Federal Information Security Management Act of 2002 (FISMA), which...
Information Security: Technologies to Secure Federal Systems
GAO-04-467: Published: Mar 9, 2004. Publicly Released: Mar 16, 2004.
Federal agencies rely extensively on computerized information systems and electronic data to carry out their missions. The security of these systems and date is essential to preventing data tampering, disruptions in critical operations, fraud, and inappropriate disclosure of sensitive information. Congress and the executive branch have taken actions to address this challenge, such as enacting and...
Posthearing Questions from the September 17, 2003, Hearing on Implications of Power Blackouts for the Nation's Cybersecurity and Critical Infrastructure Protection: The Electric Grid, Critical Interdependencies, Vulnerabilities, and Readiness"
GAO-04-300R: Published: Dec 8, 2003. Publicly Released: Dec 8, 2003.
As requested in a letter of November 5, 2003, this letter provides our responses for the record to the questions posed to GAO. At the subject hearing, we discussed the challenges that the Department of Homeland Security (DHS) faces in integrating its information gathering and sharing functions, particularly as they relate to fulfilling the department's responsibilities for critical infrastructure...
Critical Infrastructure Protection: Challenges in Securing Control Systems
GAO-04-140T: Published: Oct 1, 2003. Publicly Released: Oct 1, 2003.
Computerized control systems perform vital functions across many of our nation's critical infrastructures. For example, in natural gas distribution, they can monitor and control the pressure and flow of gas through pipelines; in the electric power industry, they can monitor and control the current and voltage of electricity through relays and circuit breakers; and in water treatment facilities, th...
Information Security: Effective Patch Management is Critical to Mitigating Software Vulnerabilities
GAO-03-1138T: Published: Sep 10, 2003. Publicly Released: Sep 10, 2003.
Attacks on computer systems--in government and the private sector--are increasing at an alarming rate, placing both federal and private-sector operations and assets at considerable risk. By exploiting software vulnerabilities, hackers can cause significant damage. While patches, or software fixes, for these vulnerabilities are often well publicized and available, they are frequently not quickly or...
FAA Computer Security: Recommendations to Address Continuing Weaknesses
GAO-01-171: Published: Dec 6, 2000. Publicly Released: Dec 6, 2000.
The Federal Aviation Administration's (FAA) agencywide computer security programs have serious, pervasive problems in the following key areas: personnel security, facility physical security, operational systems security, information systems security management, service continuity, and intrusion detection. Until FAA addresses the pervasive weaknesses in its computer security program, its critical i...