Information Security: Additional Actions Needed to Fully Implement Reform Legislation.

摘要

As greater amounts of money are transferred through computer systems, as more sensitive economic and commercial information is exchanged electronically, and as the nations defense and intelligence communities increasingly rely on commercially available information technology, the likelihood increases that information attacks will threaten vital national interests. Further, the events of September 11, 2001, underscored the need to protect Americas cyberspace against potentially disastrous cyber attacksattacks that could also be coordinated to coincide with physical terrorist attacks to maximize the impact of both. Since September 1996, we have reported that poor information security is a widespread federal problem with potentially devastating consequences. Although agencies have taken steps to redesign and strengthen their information system security programs, our analyses of information security at major federal agencies have shown that federal systems were not being adequately protected from computer-based threats, even though these systems process, store, and transmit enormous amounts of sensitive data and are indispensable to many federal agency operations. In addition, in both 1998 and 2000, we analyzed audit results for 24 of the largest federal agencies and found that all 24 had significant information security weaknesses. As a result of these analyses, we have identified information security as a governmentwide high-risk issue in reports to the Congress since 1997, most recently in January 2001.