GAO’s reports and testimonies give Congress, federal agencies, and the public timely, fact-based, non-partisan information that can improve government operations and save taxpayers billions of dollars.
The U.S. depends on pipelines to deliver the natural gas, oil, and other hazardous liquids that power vehicles, heat homes, and more. But cyberattacks, such as an attack on Colonial Pipeline's IT networks in May 2021, threaten pipeline security.
Terrorists and others may pose a cyber-threat to high-risk chemical facilities. Control systems, for example, could be manipulated to release hazardous chemicals. The Department of Homeland Security started a program more than a decade ago to help address these security risks.
In 2018, the administration released its government-wide reform plan aimed at making the federal government more efficient and effective. The Office of Management and Budget oversees the proposals with support from other lead agencies.
Q: How does the government help keep banks, water systems, and other critical infrastructure from getting hacked?
A: A federal agency that issues standards and procedures—NIST—has a cybersecurity framework that critical infrastructure organizations can adopt.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has helped state and local election officials secure online voter registration systems, voting machines, and other election infrastructure since 2017.
The Department of Homeland Security issues mandatory cybersecurity directives for most federal agencies. For example, one directive requires agencies to better secure their websites and email systems. If the actions specified in these directives are not addressed, agency systems can remain at risk.
FEMA awarded more than $22 billion in grants for four major disasters in 2017 alone. It manages these and other grants in numerous, disparate information technology systems that it has been attempting to modernize.
We reviewed FEMA's Grants Management Modernization program.
What GAO Found As required by the Federal Cybersecurity Workforce Assessment Act of 2015 (act), the Office of Personnel Management (OPM) developed a cybersecurity coding structure under the National Initiative for Cybersecurity Education (NICE) as well as procedures for assigning codes to federal civilian...