GAO’s reports and testimonies give Congress, federal agencies, and the public timely, fact-based, non-partisan information that can improve government operations and save taxpayers billions of dollars.
Telework is essential to the continuity of federal operations in emergencies—but it also brings added cybersecurity risks. We examined federal agencies' preparedness to support expanded telework during the COVID-19 pandemic.
Recent events—such as the ransomware attack on the Colonial pipeline—illustrate the pressing need to strengthen federal cybersecurity and IT management. These issues are on our High Risk List, and we have often told the government to urgently pursue action on them.
The federal government spends more than $100 billion on IT and cyber-related investments annually—but many of them have failed or performed poorly, have been poorly managed, and have security weaknesses.
The federal government has spent billions on information technology projects that have failed or performed poorly. Some agencies have had massive cybersecurity failures. These IT efforts often suffered from ineffective management.
The Office of Management and Budget has been working with federal agencies to reduce the number of outdated or duplicative federal data centers. In fiscal year 2019, agencies closed 102 centers, and planned to close 184 more.
The Department of Homeland Security issues mandatory cybersecurity directives for most federal agencies. For example, one directive requires agencies to better secure their websites and email systems. If the actions specified in these directives are not addressed, agency systems can remain at risk.
The federal government has spent billions on information technology projects that failed or have performed poorly. These efforts often suffered from ineffective management. Agencies have also had cybersecurity failures affecting millions of people.
What GAO Found GAO has identified a number of challenges federal agencies face in addressing threats to their cybersecurity, including the following: Designing and implementing a risk-based cybersecurity program. Enhancing oversight of contractors providing IT services.