With the enactment of the Federal Information Security Management Act of 2002, the Congress continued its efforts to improve federal information security by permanently authorizing and strengthening key information security requirements. The administration has also made progress through a number of efforts, among them the Office of Management and Budget's emphasis of information security in the b

The National Infrastructure Protection Center (NIPC) is an important element of the U.S.' strategy to protect the nation's infrastructures from hostile attacks, especially computer-based attacks. This testimony discusses the key findings of a GAO report on NIPC's progress in developing national capabilities for analyzing cyber threats and vulnerability data and issuing warnings, enhancing its cap

A number of serious control weaknesses in the Internal Revenue Service's (IRS) electronic filing systems placed personal taxpayer data in IRS' electronic filing system at significant risk of unauthorized disclosure, use, and modification during the 2000 tax filing season. IRS recognized the importance of promptly addressing these weaknesses and stated that it has taken steps to correct them prior

GAO noted that: (1) evaluations of computer security published since July 1999 continue to show that federal computer security is fraught with weaknesses and that, as a result, critical operations and assets continue to be at risk; (2) as in 1998, GAO's analysis identified significant weaknesses in each of the 24 agencies covered by its review; (3) since July 1999, the range of weaknesses in indi

GAO noted that: (1) GAO's review found serious and pervasive problems that essentially rendered EPA's agencywide information security program ineffective; (2) GAO's tests of computer-based controls concluded that the computer operating systems and the agencywide computer network that support most of EPA's mission-related and financial operations were riddled with security weaknesses; (3) of parti

GAO noted that: (1) unclassified information systems for scientific research are not consistently protected at all DOE laboratories; (2) although some laboratories are taking significant measures to strengthen access controls, many systems remain vulnerable; (3) in four recent cases, Internet-based attacks forced specific laboratories to disconnect their networks from the Internet, interrupting s

GAO noted that: (1) ILOVEYOU is both a virus and a worm; (2) the damage resulting from this particular hybrid is limited to users of the Microsoft Windows operating system; (3) ILOVEYOU typically comes in the form of an electronic mail (e-mail) message from someone the recipient knows; (4) as long as recipients do not run the attached file, their systems will not be affected and they need only to

GAO noted that: (1) the nation's computer-based infrastructures are at increasing risk of severe disruption; (2) the dramatic increase of computer interconnectivity has provided pathways among systems that can be used to gain unauthorized access to data and operations from remote locations; (3) government officials are increasingly worried about attacks from individuals and groups with malicious

GAO noted that: (1) more than any nation, the United States depends on interconnected computer systems--including the Internet--to support critical operations and services both in the public and private sectors; (2) while beneficial, this reliance has increased the risks of computer-based fraud, inappropriate disclosure of sensitive data, and disruption of critical computer-supported operations a

GAO noted that: (1) GAO's review found serious and pervasive problems that essentially render EPA's agencywide information security program ineffective; (2) current security program planning and management is largely a paper exercise that has done little to substantively identify, evaluate, and mitigate risks to the agency's data systems; (3) GAO's tests of computer-based controls have concluded