Information Security: Additional Actions Needed to Fully Implement Reform Legislation

Provisions in the National Defense Authorization Act for Fiscal Year 2001 seek to minimize pervasive information security weaknesses that place federal operations at significant risk of disruption, tampering, fraud, and inappropriate disclosure of sensitive information. Increases in computer interconnectivity, especially in the use of the Internet, pose significant risks to computer systems and to the critical operations and infrastructures they support, such as telecommunications, power distribution, public health, national defense, law enforcement, and emergency services. Although federal agencies have taken steps to redesign and strengthen their information security programs, federal systems are not being adequately protected from computer-based threats, even though these systems process, store, and transmit enormous amounts of sensitive data and are indispensable to many federal agency operations.