High-Risk Series:

Protecting Information Systems Supporting the Federal Government and the Nation's Critical Infrastructures

GAO-03-121: Published: Jan 1, 2003. Publicly Released: Jan 1, 2003.

Additional Materials:

Contact:

Robert F. Dacey
(202) 512-3317
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Since GAO designated computer security in the federal government as high risk in 1997, evidence of pervasive weaknesses has been continuing. Also, related risks have been escalating, in part because of the dramatic increases in computer interconnectivity and increasing dependence on computers to support critical operations and infrastructures, such as power distribution, water supply, national defense, and emergency services. This year, GAO expanded this high risk area to include protecting the information systems that support our nation's critical infrastructures, referred to as cyber critical infrastructure protection or cyber CIP. Among other reasons for designating cyber CIP high risk is that terrorist groups and others have stated their intentions of attacking our critical infrastructures, and failing to protect these infrastructures could adversely affect our national security, economic security, and/or public health and safety.

Since January 2001, efforts to improve federal information security have accelerated at individual agencies and at the governmentwide level. For example, implementation of Government Information Security Reform legislation (GISRA) enacted by the Congress in October 2000 was a significant step in improving federal agencies' information security programs and addressing their serious, pervasive information security weaknesses. In implementing GISRA, agencies have noted benefits, including increased management attention to and accountability for information security. Although improvements are under way, recent audits of 24 of the largest federal agencies continue to identify significant information security weaknesses that put critical federal operations and assets in each of these agencies at risk. Over the years, various working groups have been formed, special reports written, federal policies issued, and organizations created to address the nation's critical infrastructure challenges. In 1998, the President issued Presidential Decision Directive 63 (PDD 63), which described a strategy for cooperative efforts by government and the private sector to protect the physical and cyber-based systems essential to the minimum operations of the economy and the government. To accomplish its goals, PDD 63 designated and established organizations to provide central coordination and support. This directive has since been supplemented by Executive Order 13231, which established the President's Critical Infrastructure Protection Board and the President's National Strategy for Homeland Security. While the actions taken to date are major steps to more effectively protect our nation's critical infrastructures, GAO has made numerous recommendations over the last several years concerning CIP challenges. In response to these challenges, improvements have been made and efforts are in progress, but more work is needed to address them.

Below are the reports in this series:

High-Risk Series: An Update GAO-03-119, Jan 1, 2003

High-Risk Series: Strategic Human Capital Management GAO-03-120, Jan 1, 2003

High-Risk Series: Protecting Information Systems Supporting the Federal Government and the Nation's Critical Infrastructures GAO-03-121, Jan 1, 2003

High-Risk Series: Federal Real Property GAO-03-122, Jan 1, 2003

Added later:

Pension Benefit Guaranty Corporation Single-Employer Insurance Program: Long-Term Vulnerabilities Warrant 'High Risk' Designation GAO-03-1050SP, Jul 23, 2003

Performance and Accountability Series:

Major Management Challenges and Program Risks: A Governmentwide Perspective GAO-03-95, Jan 1, 2003

Major Management Challenges and Program Risks: Department of Agriculture GAO-03-96, Jan 1, 2003

Major Management Challenges and Program Risks: Department of Commerce GAO-03-97, Jan 1, 2003

Major Management Challenges and Program Risks: Department of Defense GAO-03-98, Jan 1, 2003

Major Management Challenges and Program Risks: Department of Education GAO-03-99, Jan 1, 2003

Major Management Challenges and Program Risks: Department of Energy GAO-03-100, Jan 1, 2003

Major Management Challenges and Program Risks: Department of Health and Human Services GAO-03-101, Jan 1, 2003

Major Management Challenges and Program Risks: Department of Homeland Security GAO-03-102, Jan 1, 2003

Major Management Challenges and Program Risks: Department of Housing and Urban Development GAO-03-103, Jan 1, 2003

Major Management Challenges and Program Risks: Department of the Interior GAO-03-104, Jan 1, 2003

Major Management Challenges and Program Risks: Department of Justice GAO-03-105, Jan 1, 2003

Major Management Challenges and Program Risks: Department of Labor GAO-03-106, Jan 1, 2003

Major Management Challenges and Program Risks: Department of State GAO-03-107, Jan 1, 2003

Major Management Challenges and Program Risks: Department of Transportation GAO-03-108, Jan 1, 2003

Major Management Challenges and Program Risks: Department of the Treasury GAO-03-109, Jan 1, 2003

Major Management Challenges and Program Risks: Department of Veterans Affairs GAO-03-110, Jan 1, 2003

Major Management Challenges and Program Risks: U.S. Agency for International Development GAO-03-111, Jan 1, 2003

Major Management Challenges and Program Risks: Environmental Protection Agency GAO-03-112, Jan 1, 2003

Major Management Challenges and Program Risks: Federal Emergency Management Agency GAO-03-113, Jan 1, 2003

Major Management Challenges and Program Risks: National Aeronautics and Space Administration GAO-03-114, Jan 1, 2003

Major Management Challenges and Program Risks: Office of Personnel Management GAO-03-115, Jan 1, 2003

Major Management Challenges and Program Risks: Small Business Administration GAO-03-116, Jan 1, 2003

Major Management Challenges and Program Risks: Social Security Administration GAO-03-117, Jan 1, 2003

Major Management Challenges and Program Risks: U.S. Postal Service GAO-03-118, Jan 1, 2003

Jul 22, 2014

Jun 17, 2014

Jun 11, 2014

Jun 10, 2014

May 28, 2014

May 21, 2014

May 12, 2014

May 7, 2014

Apr 30, 2014

Looking for more? Browse all our products here