Cyberthreats and Data Breaches Illustrate Need for Stronger Controls across Federal Agencies

Effective cybersecurity for federal information systems is essential to preventing the loss of resources, the compromise of sensitive information, and the disruption of government operations. Since 1997, the US Government Accountability Office has designated federal information security as a government-wide high-risk area, and in 2003 expanded this area to include computerized systems supporting the nation’s critical infrastructure. Earlier in 2014, in GAO’s high-risk update, the area was further expanded to include protecting the privacy of personal information that is collected, maintained, and shared by both federal and nonfederal entities.

This statement summarizes (1) cyberthreats to federal systems, (2) challenges facing federal agencies in securing their systems and information, and (3) government-wide initiatives aimed at improving cybersecurity. In preparing this statement, GAO relied on its previously published and ongoing work in this area. In previous work, GAO and agency inspectors general have made hundreds of recommendations to assist agencies in addressing cybersecurity challenges. GAO has also made recommendations to improve government-wide initiatives.