January 22, 2022

News

News Network

Veterans Affairs: VA Needs to Address Persistent IT Modernization and Cybersecurity Challenges

16 min read
<div>The Department of Veterans Affairs (VA) has faced challenges in its efforts to accomplish three critical information technology (IT) modernization initiatives: the department's health information system, known as the Veterans Health Information Systems and Technology Architecture (VistA); a system for the Family Caregiver Program, which is to support family caregivers of seriously injured post-9/11 veterans; and the Veterans Benefits Management System (VBMS) that collects and stores information and is used for processing disability benefit claims. Specifically, GAO has reported on the challenges in the department's three previous unsuccessful attempts to modernize VistA over the past 20 years. However, VA has recently deployed a new scheduling system as part of its fourth effort to modernize VistA and the next deployment of the system, including additional capabilities, is planned in October 2020. VA had taken steps to address GAO's recommendations from its 2014 report to implement a replacement system for the Family Caregiver Program. However, in September 2019, GAO reported that VA had yet to implement a new IT system that fully supports the Family Caregiver Program and that it had not yet fully committed to a date by which it will certify that the new IT system fully supports the program. In September 2015, GAO reported that VA had made progress in developing and implementing VBMS, but also noted that additional actions could improve efforts to develop and use the system. For example, VBMS was not able to fully support disability and pension claims, as well as appeals processing. GAO made five recommendations aimed at improving VA's efforts to effectively complete the development and implementation of VBMS; however, as of September 2020, VA implemented only one recommendation. VA's progress in implementing key provisions of the Federal Information Technology Acquisition Reform Act (commonly referred to as FITARA) has been uneven. Specifically, VA has made progress toward improving its licensing of software and achieving its goals for closing unneeded data centers. However, the department has made limited progress toward addressing requirements related to IT investment risk management and Chief Information Officer authority enhancement. Until the department implements the act's provisions, Congress' ability to effectively monitor VA's progress and hold it fully accountable for reducing duplication and achieving cost savings will be hindered. In addition, since fiscal year 2016, GAO has reported that VA faces challenges related to effectively implementing the federal approach to, and strategy for, securing information systems; effectively implementing information security controls and mitigating known security deficiencies; and establishing elements of its cybersecurity risk management program. GAO's work stressed the need for VA to address these challenges as well as manage IT supply chain risks. As VA continues to pursue modernization efforts, it is critical that the department take steps to adequately secure its systems. The use of IT is crucial to helping VA effectively serve the nation's veterans. The department annually spends billions of dollars on its information systems and assets—VA's budget for IT now exceeds $4 billion annually. However, over many years, VA has experienced challenges in managing its IT projects and programs, which could jeopardize its ability to effectively support key programs such as the Forever GI Bill. GAO has previously reported on these IT management challenges at VA. GAO was asked to testify on its prior IT work at VA. Specifically, this testimony summarizes results and recommendations from GAO's issued reports that examined VA's efforts in (1) modernizing VistA, a system for the Family Caregiver Program, and VBMS; (2) implementing FITARA; and (3) addressing cybersecurity issues. In developing this testimony, GAO reviewed its recently issued reports that addressed IT management issues at VA and GAO's biannual high-risk series. GAO also incorporated information on the department's actions in response to recommendations. GAO has made numerous recommendations in recent years aimed at improving VA's IT system modernization efforts, implementation of key FITARA provisions, and cybersecurity program. VA has generally agreed with the recommendations and has begun to address them. For more information, contact Carol C. Harris at (202) 512-4456 or harriscc@gao.gov.</div>

What GAO Found

The Department of Veterans Affairs (VA) has faced challenges in its efforts to accomplish three critical information technology (IT) modernization initiatives: the department’s health information system, known as the Veterans Health Information Systems and Technology Architecture (VistA); a system for the Family Caregiver Program, which is to support family caregivers of seriously injured post-9/11 veterans; and the Veterans Benefits Management System (VBMS) that collects and stores information and is used for processing disability benefit claims. Specifically,

GAO has reported on the challenges in the department’s three previous unsuccessful attempts to modernize VistA over the past 20 years. However, VA has recently deployed a new scheduling system as part of its fourth effort to modernize VistA and the next deployment of the system, including additional capabilities, is planned in October 2020.

VA had taken steps to address GAO’s recommendations from its 2014 report to implement a replacement system for the Family Caregiver Program. However, in September 2019, GAO reported that VA had yet to implement a new IT system that fully supports the Family Caregiver Program and that it had not yet fully committed to a date by which it will certify that the new IT system fully supports the program.

In September 2015, GAO reported that VA had made progress in developing and implementing VBMS, but also noted that additional actions could improve efforts to develop and use the system. For example, VBMS was not able to fully support disability and pension claims, as well as appeals processing. GAO made five recommendations aimed at improving VA’s efforts to effectively complete the development and implementation of VBMS; however, as of September 2020, VA implemented only one recommendation.

VA’s progress in implementing key provisions of the Federal Information Technology Acquisition Reform Act (commonly referred to as FITARA) has been uneven. Specifically, VA has made progress toward improving its licensing of software and achieving its goals for closing unneeded data centers. However, the department has made limited progress toward addressing requirements related to IT investment risk management and Chief Information Officer authority enhancement. Until the department implements the act’s provisions, Congress’ ability to effectively monitor VA’s progress and hold it fully accountable for reducing duplication and achieving cost savings will be hindered.

In addition, since fiscal year 2016, GAO has reported that VA faces challenges related to effectively implementing the federal approach to, and strategy for, securing information systems; effectively implementing information security controls and mitigating known security deficiencies; and establishing elements of its cybersecurity risk management program. GAO’s work stressed the need for VA to address these challenges as well as manage IT supply chain risks. As VA continues to pursue modernization efforts, it is critical that the department take steps to adequately secure its systems.

Why GAO Did This Study

The use of IT is crucial to helping VA effectively serve the nation’s veterans. The department annually spends billions of dollars on its information systems and assets—VA’s budget for IT now exceeds $4 billion annually. However, over many years, VA has experienced challenges in managing its IT projects and programs, which could jeopardize its ability to effectively support key programs such as the Forever GI Bill. GAO has previously reported on these IT management challenges at VA.

GAO was asked to testify on its prior IT work at VA. Specifically, this testimony summarizes results and recommendations from GAO’s issued reports that examined VA’s efforts in (1) modernizing VistA, a system for the Family Caregiver Program, and VBMS; (2) implementing FITARA; and (3) addressing cybersecurity issues. In developing this testimony, GAO reviewed its recently issued reports that addressed IT management issues at VA and GAO’s biannual high-risk series. GAO also incorporated information on the department’s actions in response to recommendations.

What GAO Recommends

GAO has made numerous recommendations in recent years aimed at improving VA’s IT system modernization efforts, implementation of key FITARA provisions, and cybersecurity program. VA has generally agreed with the recommendations and has begun to address them.

For more information, contact Carol C. Harris at (202) 512-4456 or harriscc@gao.gov.

News Network

  • Secretary Antony J. Blinken with Ina Strazdina of LTV
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • K-12 Education: Students’ Experiences with Bullying, Hate Speech, Hate Crimes, and Victimization in Schools
    In U.S GAO News
    What GAO Found Students experience a range of hostile behaviors at schools nationwide, according to GAO's analysis of nationally generalizable surveys of students and schools. About one in five students aged 12 to 18 were bullied annually in school years 2014-15, 2016-17, and 2018-19. Of students who were bullied in school year 2018-19, about one in four students experienced bullying related to their race, national origin, religion, disability, gender, or sexual orientation. About one in four of all students aged 12 to 18 saw hate words or symbols written in their schools, such as homophobic slurs and references to lynching. Most hostile behaviors also increased in school year 2017-18, according to our analysis of the school survey. Hate crimes—which most commonly targeted students because of their race and national origin—and physical attacks with a weapon nearly doubled (see figure). Sexual assaults also increased during the same period. Hostile Behaviors in K-12 Public Schools, School Years 2015-16 to 2017-18 Nearly every school used programs or practices to address hostile behaviors, and schools' adoption of them increased from school year 2015-16 to 2017-18, according to our analysis of the school survey. About 18,000 more schools implemented social emotional learning and about 1,200 more used in-school suspensions. Additionally, 2,000 more schools used school resource officers (SRO)—career officers with the ability to arrest students—in school year 2017-18. SROs' involvement in schools, such as solving problems, also increased. The Department of Education resolved complaints of hostile behaviors faster in recent years, due in part to more complaints being dismissed and fewer complaints being filed. In the 2019-20 school year, 81 percent of such resolved complaints were dismissed, most commonly because Education's Office for Civil Rights (OCR) did not receive consent to disclose the complainant's identity to those they filed the complaint against. Complaints of hostile behaviors filed with OCR declined by 9 percent and 15 percent, respectively, in school years 2018-19 and 2019-20. Civil rights experts GAO interviewed said that in recent years they became reluctant to file complaints on students' behalf because they lost confidence in OCR's ability to address civil rights violations in schools. The experts cited, in part, Education's rescission of guidance to schools that clarified civil rights protections, such as those for transgender students. Since 2021, Education has started reviewing or has reinterpreted some of this guidance. Why GAO Did This Study Hostile behaviors, including bullying, harassment, hate speech and hate crimes, or other types of victimization like sexual assault and rape, in schools can negatively affect K-12 students' short- and long-term mental health, education, income, and overall well-being. According to Education's guidance, incidents of harassment or hate, when motivated by race, color, national origin, sex (including sexual orientation and gender identity), or disability status can impede access to an equal education. In certain circumstances, these kinds of incidents may violate certain federal civil rights laws, which Education's OCR is tasked with enforcing in K-12 schools. GAO was asked to review hostile behaviors in K-12 schools. This report examines (1) the prevalence and nature of hostile behaviors in K-12 public schools; (2) the presence of K-12 school programs and practices to address hostile behaviors; and (3) how Education has addressed complaints related to these issues in school years 2010-11 through 2019-20. GAO conducted descriptive and regression analyses on the most recent available data for two nationally generalizable federal surveys: a survey of 12- to 18-year-old students for school years 2014-15, 2016-17, and 2018-19, and a survey of schools for school years 2015-16 and 2017-18. GAO also analyzed 10 years of civil rights complaints filed with OCR against schools; reviewed relevant federal laws, regulations, and documents; and interviewed relevant federal and national education and civil rights organization officials. GAO incorporated technical comments from Education as appropriate. For more information, contact Jacqueline M. Nowicki at (617) 788-0580 or nowickij@gao.gov.
    [Read More…]
  • Gang members sentenced for assaulting federal officers
    In Justice News
    The final Houston area [Read More…]
  • Burundi National Day
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Justice Department Releases Report On Modernizing The Administrative Procedure Act
    In Crime News
    WASHINGTON – The Justice Department released a report today on the need for Congress to update and improve the Administrative Procedure Act (APA), the 74-year-old statute setting forth the procedures agencies must follow when regulating individuals, businesses, non-profits, and state and local government entities. The report, entitled Modernizing the Administrative Procedure Act, discusses how the administrative state has developed in ways not foreseen by the APA in 1946, how the APA might be legislatively improved, and how this Administration’s improvements to agencies’ regulatory processes could inform modernizing the APA. The Justice Department, which significantly shaped the original APA, hopes that the ideas and insights discussed in the report will encourage and inform much needed action by Congress to modernize the APA.
    [Read More…]
  • Substance Use Disorder: Reliable Data Needed for Substance Abuse Prevention and Treatment Block Grant Program
    In U.S GAO News
    According to Substance Abuse and Mental Health Services Administration (SAMHSA) data, the number of substance use disorder (SUD) treatment facilities and services increased since 2009. However, potential gaps in treatment capacity remain. For example, SAMHSA data show that, as of May 2020, most counties did not have all levels of SUD treatment available, including outpatient, residential, and hospital inpatient services; nearly one-third of counties had no levels of treatment available. Stakeholders GAO interviewed said it is important to have access to each level for treating individuals with varying SUD severity. Availability of Substance Use Disorder Treatment Levels, by County, as of May 2020 SAMHSA primarily relies on the number of individuals served to assess the effect of three of its largest grant programs on access to SUD treatment and recovery support services. However, GAO found the agency lacks two elements of reliable data—that they be consistent and relevant—for the number of individuals served under the Substance Abuse Prevention and Treatment Block Grant (SABG) program. For example, grantee reporting includes individuals served outside of the program, which limits this measure's relevance for program assessment of access. SAMHSA plans to implement data quality improvements for the SABG program starting in fiscal year 2021. However, the agency has not identified specific changes needed to improve the information it collects on individuals served. As SAMHSA moves forward with its plans, it will be important for it to identify and implement such changes. Doing so will allow SAMHSA to better assess whether the SABG program is achieving a key goal of improving access to SUD treatment and recovery services or whether changes may be needed. Treatment for SUD—the recurrent use of substances, such as illicit drugs, causing significant impairment—can help individuals reduce or stop substance use and improve their quality of life. SUDs, and in particular drug misuse, have been a persistent and long-standing public health issue in the United States. Senate Report 115-289 contains a provision for GAO to review SUD treatment capacity. This report, among other things, describes what is known about SUD treatment facilities, services, and overall capacity; and examines the information SAMHSA uses to assess the effect of three grant programs on access to SUD treatment. GAO analyzed national SAMHSA data on SUD treatment facilities and providers, and reviewed studies that assessed treatment capacity. GAO also reviewed documentation for three of SAMHSA's largest grant programs available to states, and compared the agency's grant data quality to federal internal control standards. Finally, GAO interviewed SAMHSA officials and stakeholders, including provider groups. GAO is recommending that SAMHSA identify and implement changes to the SABG program's data collection efforts to improve two elements of reliability—the consistency and relevance—of data collected on individuals served. SAMHSA concurred with this recommendation. For more information, contact Alyssa M. Hundrup at (202) 512-7114 or HundrupA@gao.gov.
    [Read More…]
  • Determination of the Secretary of State on Atrocities in Xinjiang
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Civil Monetary Penalties: Federal Agencies’ Compliance with the 2020 Annual Inflation Adjustment Requirements
    In U.S GAO News
    What GAO Found In this fifth annual review, GAO found that the majority of federal agencies that could be subject to the Federal Civil Penalties Inflation Adjustment Act of 1990, as amended (IAA), have complied with the provisions of the act to publish 2020 civil monetary penalty inflation adjustments in the Federal Register and report related information in their 2020 agency financial reports (AFR), or equivalent. However, two agencies did not publish inflation adjustments in the Federal Register as of December 31, 2020, and did not report the required information in their 2020 AFRs for one or more of their civil monetary penalties. Why GAO Did This Study The IAA includes a provision, added in 2015, requiring GAO to annually submit to Congress a report assessing agencies' compliance with the annual inflation adjustments required by the act. This is the fifth annual report responding to this requirement. For more information, contact Paula M. Rascona at (202) 512-9816 or rasconap@gao.gov.
    [Read More…]
  • Tajikistan Independence Day
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Secretary Blinken’s Call with EU High Representative for Foreign Affairs and Security Policy Borrell
    In Crime Control and Security News
    Office of the [Read More…]
  • Arkansas Man Charged in $100 Million COVID-19 Health Care Fraud Scheme
    In Crime News
    A federal grand jury in the Western District of Arkansas returned an indictment yesterday charging an Arkansas man who owned or managed numerous diagnostic testing laboratories with health care fraud in connection with over $100 million dollars in false billings for urine drug testing, COVID-19 testing, and other clinical laboratory services.
    [Read More…]
  • Priority Open Recommendations: Department of Defense
    In U.S GAO News
    What GAO Found In May 2020, GAO identified 81 priority open recommendations for the Department of Defense (DOD). Since then, DOD has implemented 21 of those recommendations, leading to improvements in readiness rebuilding efforts, cybersecurity, and the Navy's force structure, among other areas. Additionally, GAO closed four priority recommendations related to DOD enterprise-wide business reform as unimplemented because the recommendations are no longer relevant. GAO also removed one priority recommendation related to acquisition oversight because it no longer warranted priority attention due to actions taken by the military departments. Thus, reducing the number of remaining priority open recommendations to 55. In July 2021, GAO identified 26 additional priority recommendations for DOD, bringing the total number to 81. These recommendations involve the following areas: acquisitions and contract management; rebuilding readiness and force structure; financial management; cybersecurity and the information environment; health care; driving enterprise-wide business reform; preventing sexual harassment; and strengthening diversity, equity and inclusion within DOD. DOD's continued attention to these issues could lead to further improvements in the department's operations. Why GAO Did This Study Priority open recommendations are GAO recommendations that warrant priority attention from heads of key departments or agencies because implementation may significantly improve government operations, for example, by realizing large dollar savings; eliminating mismanagement, fraud, and abuse; or making progress toward addressing a high-risk or fragmentation, overlap, or duplication issue. Since 2015, GAO has sent letters to selected agencies to highlight the importance of implementing such recommendations. For more information, contact Elizabeth Field at (202) 512-2775 or fielde1@gao.gov.
    [Read More…]
  • Readout of Attorney General Merrick B. Garland’s Call with the United Kingdom’s Home Secretary Priti Patel
    In Crime News
    Attorney General Merrick B. Garland spoke by phone yesterday with Priti Patel, the United Kingdom’s Home Secretary. In this inaugural conversation, the Attorney General and Home Secretary reaffirmed their shared commitment to deepening cooperation on countering common threats, including those posed by international terrorism.
    [Read More…]
  • Secretary Blinken’s Call with Special Envoy for the UN Secretary-General on Yemen Griffiths
    In Crime Control and Security News
    Office of the [Read More…]
  • Escort Sentenced to Prison for Underreporting Income
    In Crime News
    A Florida man was sentenced today to 21 months in prison for filing a false tax return. Jami Kopacz, of Fort Lauderdale, pleaded guilty to filing a false corporate tax return on Dec. 16, 2020. According to court documents and statements made in court, Kopacz worked as a paid escort for clients across the United States. Kopacz received payments directly from his escort clients, and from a private business for whom he worked as an independent contractor. From 2015 to 2018, Kopacz used his corporation, JK Training LLC, to receive income, and then filed false corporate tax returns (Forms 1120S) that substantially underreported the company’s gross receipts and total income.
    [Read More…]
  • Statement by Pamela Karlan, Principal Deputy Assistant Attorney General of the Civil Rights Division
    In Crime News
    “The United States is currently facing unprecedented challenges, some of which are fueling increased bigotry and hatred. Hate crimes cannot be tolerated in our country, and the Department of Justice will continue to put all necessary resources toward protecting our neighbors and our communities from these heinous acts.
    [Read More…]
  • Remarks at World Sustainable Development Summit 2021
    In Climate - Environment - Conservation
    John Kerry, Special [Read More…]
  • Justice Department Seeks to Shut Down Louisiana Tax Return Preparers
    In Crime News
    The United States has filed a complaint seeking to bar Louisiana tax return preparers from owning or operating a tax return preparation business and preparing tax returns for others, the Justice Department announced today. The civil complaint against Leroi Gorman Jackson and Mario Alexander, both individually and doing business as The Taxman Financial Services LLC, was filed in the U.S. District Court for the Eastern District of Louisiana.
    [Read More…]
  • Request Denied for Preliminary Injunction on the Administration’s Landmark New Regulations Implementing under the National Environmental Policy Act
    In Crime News
    On Friday, Sept. 11, Judge James T. Jones of the U.S. District Court for the Western District of Virginia denied a request for a preliminary injunction against the Administration’s landmark new regulations implementing under the National Environmental Policy Act (NEPA), which will modernize environmental review, enhance the information-gathering process, and facilitate more meaningful public participation in the protection of our environment. These regulations had not been subject to a major revision since 1978, when they were first promulgated, and they were in need of modernization to improve the infrastructure permitting process.
    [Read More…]
  • Cybersecurity: Clarity of Leadership Urgently Needed to Fully Implement the National Strategy
    In U.S GAO News
    Federal entities have a variety of roles and responsibilities for supporting efforts to enhance the cybersecurity of the nation. Among other things, 23 federal entities have roles and responsibilities for developing policies, monitoring critical infrastructure protection efforts, sharing information to enhance cybersecurity across the nation, responding to cyber incidents, investigating cyberattacks, and conducting cybersecurity-related research. To fulfill their roles and responsibilities, federal entities identified activities undertaken in support of the nation's cybersecurity. For example, National Security Council (NSC) staff, on behalf of the President, and the National Institute of Standards and Technology, have developed policies, strategies, standards, and plans to guide cybersecurity efforts. The Department of Homeland Security has helped secure the nation's critical infrastructure through developing security policy and coordinating security initiatives, among other efforts. Other agencies have established initiatives to gather intelligence and share actual or possible cyberattack information. Multiple agencies have mechanisms in place to assist in responding to cyberattacks, and law enforcement components, including the Federal Bureau of Investigation, are responsible for investigating them. The White House's September 2018 National Cyber Strategy and the NSC's accompanying June 2019 Implementation Plan detail the executive branch's approach to managing the nation's cybersecurity. When evaluated together, these documents addressed several of the desirable characteristics of national strategies, but lacked certain key elements for addressing others. National Cyber Strategy and Implementation Plan are Missing Desirable Characteristics of a National Strategy Characteristic Cyber Strategy and Plan Coverage of Issue Purpose, scope, and methodology Addressed Organizational roles, responsibilities, and coordination Addressed Integration and implementation Addressed Problem definition and risk assessment Did not fully address Goals, subordinate objectives, activities, and performance measures Did not fully address Resources, investments, and risk management Did not fully address Source: GAO analysis of 2018 National Cyber Strategy and 2019 Implementation Plan . | GAO-20-629 For example, the Implementation Plan details 191 activities that federal entities are to undertake to execute the priority actions outlined in the National Cyber Strategy. These activities are assigned a level, or tier, based on the coordination efforts required to execute the activity and the extent to which NSC staff is expected to be involved. Thirty-five of these activities are designated as the highest level (tier 1), and are coordinated by a functional entity within the NSC . Ten entities are assigned to lead or co-lead these critical activities while also tasked to lead or co-lead lower tier activities. Leadership Roles for Federal Entities Assigned as Leads or Co-Leads for National Cyber Strategy Implementation Plan Activities Entity Tier 1 Activities Tier 2 Activities Tier 3 Activities National Security Council 15 7 3 Department of Homeland Security 14 19 15 Office of Management and Budget 7 6 5 Department of Commerce 5 9 35 Department of State 2 5 11 Department of Defense 1 6 17 Department of Justice 1 10 5 Department of Transportation 1 0 5 Executive Office of the President 1 0 0 General Services Administration 1 2 1 Source: GAO analysis of 2018 National Cyber Strategy and 2019 Implementation Plan . | GAO-20-629 Although the Implementation Plan defined the entities responsible for leading each of the activities; it did not include goals and timelines for 46 of the activities or identify the resources needed to execute 160 activities. Additionally, discussion of risk in the National Cyber Strategy and Implementation Plan was not based on an analysis of threats and vulnerabilities. Further, the documents did not specify a process for monitoring agency progress in executing Implementation Plan activities. Instead, NSC staff stated that they performed periodic check-ins with responsible entities, but did not provide an explanation or definition of specific level of NSC staff involvement for each of the three tier designations. Without a consistent approach to engaging with responsible entities and a comprehensive understanding of what is needed to implement all 191 activities, the NSC will face challenges in ensuring that the National Cyber Strategy is efficiently executed. GAO and others have reported on the urgency and necessity of clearly defining a central leadership role in order to coordinate the government's efforts to overcome the nation's cyber-related threats and challenges. The White House identified the NSC staff as responsible for coordinating the implementation of the National Cyber Strategy . However, in light of the elimination of the White House Cybersecurity Coordinator position in May 2018, it remains unclear which official ultimately maintains responsibility for not only coordinating execution of the Implementation Plan , but also holding federal agencies accountable once activities are implemented. NSC staff stated responsibility for duties previously attributed to the White House Cyber Coordinator were passed to the senior director of NSC's Cyber directorate; however, the staff did not provide a description of what those responsibilities include. NSC staff also stated that federal entities are ultimately responsible for determining the status of the activities that they lead or support and for communicating implementation status to relevant NSC staff. However, without a clear central leader to coordinate activities, as well as a process for monitoring performance of the Implementation Plan activities, the White House cannot ensure that entities are effectively executing their assigned activities intended to support the nation's cybersecurity strategy and ultimately overcome this urgent challenge. Increasingly sophisticated cyber threats have underscored the need to manage and bolster the cybersecurity of key government systems and the nation's cybersecurity. The risks to these systems are increasing as security threats evolve and become more sophisticated. GAO first designated information security as a government-wide high-risk area in 1997. This was expanded to include protecting cyber critical infrastructure in 2003 and protecting the privacy of personally identifiable information in 2015. In 2018, GAO noted that the need to establish a national cybersecurity strategy with effective oversight was a major challenge facing the federal government. GAO was requested to review efforts to protect the nation's cyber critical infrastructure. The objectives of this report were to (1) describe roles and responsibilities of federal entities tasked with supporting national cybersecurity, and (2) determine the extent to which the executive branch has developed a national strategy and a plan to manage its implementation. To do so, GAO identified 23 federal entities responsible for enhancing the nation's cybersecurity. Specifically, GAO selected 13 federal agencies based on their specialized or support functions regarding critical infrastructure security and resilience, and 10 additional entities based on analysis of its prior reviews of national cybersecurity, relevant executive policy, and national strategy documents. GAO also analyzed the National Cyber Strategy and Implementation Plan to determine if they aligned with the desirable characteristics of a national strategy. GAO is making one matter for congressional consideration, that Congress should consider legislation to designate a leadership position in the White House with the commensurate authority to implement and encourage action in support of the nation's cybersecurity. GAO is also making one recommendation to the National Security Council to work with relevant federal entities to update cybersecurity strategy documents to include goals, performance measures, and resource information, among other things. The National Security Council neither agreed nor disagreed with GAO's recommendation. For more information, contact Nick Marinos at (202) 512-9342 or marinosn@gao.gov.
    [Read More…]

Crime

Network News © 2005 Area.Control.Network™ All rights reserved.