Computer Security: Progress Made, But Critical Federal Operations and Assets Remain at Risk

Protecting the computer systems that support our critical operations and infrastructures has never been more important because of the concern about attacks from individuals and groups with malicious intent, including terrorism. These concerns are well founded for a number of reasons, including the dramatic increases in reported computer security incidents, the ease of obtaining and using hacking tools, the steady advance in the sophistication and effectiveness of attack technology, and the dire warnings of new and more destructive attacks. As with other large organizations, federal agencies rely extensively on computerized systems and electronic data to support their missions. Accordingly, the security of these systems and data is essential to avoiding disruptions in critical operations, as well as to helping prevent data tampering, fraud, and inappropriate disclosure of sensitive information. At the subcommittee's request, GAO discussed its analysis of recent information security audits and evaluations at 24 major federal departments and agencies.