GAO’s reports and testimonies give Congress, federal agencies, and the public timely, fact-based, non-partisan information that can improve government operations and save taxpayers billions of dollars.
The supply chain for information and communication technologies can be an access point for hackers. Compromised SolarWinds Orion network management software, for example, was sent to an estimated 18,000 customers.
The Federal Communications Commission uses the Electronic Comment Filing System to receive public comments about proposed regulation changes.
In May 2017, a surge of more than 22 million comments disrupted the system making it unavailable.
In 2018, the administration released its government-wide reform plan aimed at making the federal government more efficient and effective. The Office of Management and Budget oversees the proposals with support from other lead agencies.
“Cyber hygiene” is a set of practices for managing the most common and pervasive cybersecurity risks. The Department of Defense’s cyber hygiene is critical as threats to its information and networks increase.
DOD has had 3 cyber hygiene initiatives underway.
The Department of Homeland Security issues mandatory cybersecurity directives for most federal agencies. For example, one directive requires agencies to better secure their websites and email systems. If the actions specified in these directives are not addressed, agency systems can remain at risk.
Federal agencies are increasingly using cloud computing services. Cloud computing offers benefits but also poses cybersecurity risks. OMB requires agencies to use the Federal Risk and Authorization Management Program to authorize their use of cloud services.