Cybersecurity and Information Technology: Federal Agencies Need to Strengthen Efforts to Address High-Risk Areas – Government Accountability Office

What GAO Found

In March 2021, GAO issued its high-risk series update and emphasized that federal agencies' needed to implement numerous critical actions to strengthen the nation's cybersecurity and information technology (IT) management efforts. In the update, GAO reiterated the importance of agencies addressing four major cybersecurity challenges facing the nation: (1) establishing a comprehensive cybersecurity strategy and performing effective oversight, (2) securing federal systems and information, (3) protecting cyber critical infrastructure, and (4) protecting privacy and sensitive data. Overall, the federal government has to move with a greater sense of urgency to fully address key cybersecurity challenges. In particular:

In its March update, GAO also stressed the importance of the Office of Management and Budget (OMB) and federal agencies fully implementing critical actions recommended to improve the management of IT to better manage tens of billions of dollars in IT investments. GAO emphasized, for example, that

Until OMB and federal agencies take critical actions to strengthen efforts to address these important high-risk areas, longstanding and pervasive weaknesses will likely continue to jeopardize the nation's cybersecurity and management of IT.

The nation's critical infrastructures and federal agencies are dependent on IT systems and electronic data to carry out operations and to process, maintain, and report essential information. Each year, the federal government spends more than $100 billion on cybersecurity and IT investments.

GAO has long stressed the continuing and urgent need for effective cybersecurity, as underscored by recent events that have illustrated persistent and evermore sophisticated cyber threats and incidents. Moreover, many IT investments have failed, performed poorly, or suffered from ineffective management. Accordingly, GAO has included information security on its high-risk list since 1997 and added improving the management of IT acquisitions and operations in 2015. In its March 2021 high-risk series update, GAO reported that significant attention was needed in both of these important areas.

GAO was asked to testify on federal agencies' efforts to address cybersecurity and the management of IT. For this testimony, GAO relied on selected products it previously issued.

View original post here:

Cybersecurity and Information Technology: Federal Agencies Need to Strengthen Efforts to Address High-Risk Areas - Government Accountability Office