GAO’s reports and testimonies give Congress, federal agencies, and the public timely, fact-based, non-partisan information that can improve government operations and save taxpayers billions of dollars.
This report describes the federal response to 2 high-profile cybersecurity incidents that affected the U.S. government. The Russian Foreign Intelligence Service hacked SolarWinds network management software, which is widely used in the U.S. government.
Telework is essential to the continuity of federal operations in emergencies—but it also brings added cybersecurity risks. We examined federal agencies' preparedness to support expanded telework during the COVID-19 pandemic.
The General Services Administration developed an "online marketplace program" to make it easier for agencies to buy commercially available products, e.g., office supplies.
GSA started testing the program since our 2018 report, contracting with 3 online marketplace providers.
Recent events—such as the ransomware attack on the Colonial pipeline—illustrate the pressing need to strengthen federal cybersecurity and IT management. These issues are on our High Risk List, and we have often told the government to urgently pursue action on them.
The supply chain for information and communication technologies can be an access point for hackers. Compromised SolarWinds Orion network management software, for example, was sent to an estimated 18,000 customers.
The federal government spends more than $100 billion on IT and cyber-related investments annually—but many of them have failed or performed poorly, have been poorly managed, and have security weaknesses.
The federal government has spent billions on information technology projects that have failed or performed poorly. Some agencies have had massive cybersecurity failures. These IT efforts often suffered from ineffective management.