Recent cyber attacks demonstrate the potentially devastating impact these pose to our nation's computer systems and to the fed. operations and critical infrastructures that they support. They also highlight that we need to be vigilant against individuals and groups with malicious intent, such as criminals, terrorists, and nation-states perpetrating these attacks. The Dept. of Homeland Security (DHS) is the focal point for coordinating cybersecurity, including responsibility for protecting systems that support critical infrastructures, a practice commonly referred to as cyber critical infrastructure protection. This report summarizes key reports and associated recommendations aimed at securing our nation's cyber critical infrastructure.
The fed. gov't. anticipates spending $79 billion on info. tech. (IT) in FY 2011. The Office of Mgmt. and Budget (OMB) plays a key role in overseeing the implementation and mgmt. of federal IT investments. It is critical for OMB and federal agencies to provide appropriate program oversight and ensure adequate transparency. In 2009 OMB deployed a public Web site known as the IT Dashboard that provides detailed info. on 800 major federal IT investments, incl. assessments of these investments' performance against cost and schedule targets. This testimony discusses OMB's efforts to improve the oversight and mgmt. of federal IT investments through the use of the Dashboard and other efforts. Illus. This is a print on demand report.
In Aug. 2008, the IRS began defining a new strategy for modernizing the way it manages individual taxpayer accounts. The strategy, known as Customer Account Data Engine (CADE) 2, is expected to provide service, compliance, and other benefits to IRS and to taxpayers beginning in 2012. This report: (1) determines whether IRS has identified the expected benefits of CADE 2 and set targets for measuring success; (2) examines the estimated costs and assesses IRS's process for developing them; and (3) assesses IRS's process for managing the risks associated with CADE 2 and describes the risks IRS has identified using this process. Charts and tables. This is a print on demand report.
The fed. govt. spends billions of dollars on info. tech. (IT) projects each year. Consequently, it is important that projects be managed effectively to ensure that public resources are wisely invested. To this end, the OMB identifies major projects and requires agencies to identify high-risk projects that are performing poorly. At times, changes to this info. -- called a re-baselining -- are made to reflect changed development circumstances. These changes can be done for valid reasons, but can also be used to mask cost overruns and schedule delays. This report: (1) provides an update on these projects; (2) identifies OMB's efforts to improve the identification and oversight of these projects; and (3) summarizes the results of an IT project re-baselining report.
Because the nation's critical infrastructure relies on info. tech. systems and data, the security of those assets is critical to ensuring national security and public safety. In 2003, the Pres. directed federal agencies to: (1) develop plans for the protection of their computer-related critical infrastructure assets; and (2) submit them for approval to the Office of Mgmt. and Budget (OMB) by 7/31/04. To do this, OMB issued guidance with 19 criteria deemed essential for effective cyber critical infrastructure protection planning that must be included in the plans. This report determined: (1) the extent to which agencies developed their plans and whether they submitted them to OMB by the deadline; and (2) whether the plans met criteria in OMB's guidance. Illus.
Cyber analysis and warning capabilities are critical to thwarting computer-based (cyber) threats and attacks. The Dept. of Homeland Security (DHS) established the U.S. Computer Emergency Readiness Team (US-CERT) to, among other things, coordinate the nation's efforts to prepare for, prevent, and respond to cyber threats to systems and communications networks. This report: (1) identifies key attributes of cyber analysis and warning capabilities; (2) compares these attributes with US-CERT's current capabilities to identify whether there are gaps; and (3) identifies US-CERT's challenges to developing and implementing key attributes and a successful national cyber analysis and warning capability. Includes recommendations. Illus.
Recent foreign-based intrusions on the computer systems of U.S. fed. agencies and businesses highlight the vulnerabilities of the interconnected networks that comprise the Internet, as well as the need to adequately address the global security and governance of cyberspace. Fed. law gives a number of fed. entities respon. for representing U.S. cyberspace interests abroad, in collab. with the private sector. This report identifies: (1) significant entities and efforts addressing global cyberspace security and governance issues; (2) U.S. entities responsible for addressing these issues and the extent of their involvement at the international level; and (3) challenges to effective U.S. involvement in global cyberspace security and governance efforts. Charts and tables.
In FY 2008, the FAA plans to spend $2 billion on info. technology (IT) investments -- many of which support FAA's air traffic control modernization. To more effectively manage such investments, in 2005 the Office of Mgmt. and Budget required agencies to use earned value mgmt. (EVM). EVM is a project mgmt. approach that provides objective reports of project status, produces early warning signs of impending schedule delays and cost overruns, and provides unbiased estimates of a program's total costs. This report: assesses FAA's policies for implementing EVM on its IT investments; evaluates whether the agency is adequately using these techniques to manage key IT acquisitions; and assesses the agency's efforts to oversee EVM compliance. Tables.
The Dept. of Homeland Security (DHS) is the focal point for the security of cyberspace. DHS is required to coordinate cyber attack exercises to strengthen public and private incident response capabilities. One major exercise program, called Cyber Storm, is a large-scale simulation of multiple concurrent cyber attacks involving the fed. gov't., states, foreign gov'ts., and private industry. DHS has conducted Cyber Storm exercises in 2006 and 2008. This report: (1) identifies the lessons that DHS learned from the first Cyber Storm exercise; (2) assesses DHS's efforts to address the lessons learned from this exercise; and (3) identifies key participants' views of their experiences during the second Cyber Storm exercise. Includes recommendations. Illus.
Technological advances have led to an increasing convergence of previously separate networks used to transmit voice and data commun. Such interconnectivity poses significant challenges to our nation's ability to respond to major disruptions. Two oper. centers -- managed by the Dept. of Homeland Security (DHS) -- plan for and monitor disruptions on voice and data networks. In Sept. 2007, a DHS task force made 3 recommendations toward establishing an integrated operations center that DHS agreed to adopt. To determine the status of efforts to establish this center, this report reviewed documentation, interviewed relevant DHS and private sector officials, and reviewed laws and policies to identify DHS's responsibilities in addressing convergence. Illus.
In FY 2009, the fed. gov't. planned to spend $71 billion on information technology (IT) investments. To more effectively manage such investments, agencies were directed to implement earned value management (EVM). EVM is a project management approach that provides objective reports of project status, produces early warning signs of impending schedule delays and cost overruns, and provides unbiased estimates of anticipated costs at completion. This report assessed selected agencies' EVM policies, determined whether they are adequately using EVM techniques to manage key system acquisitions, and evaluated selected investments' EVM data to determine their cost and schedule performances. Charts and tables.
This is a print on demand edition of a hard to find publication. NOAA, with the aid of NASA, is to procure the next generation of geostationary operational environ. satellites, called Geostationary Operational Environ. Satellite-R (GOES-R) series. The GOES-R series is to replace the current series of satellites, which will reach the end of their useful lives in 2015. This new series is considered critical to the U.S.' ability to maintain data required for weather forecasting through the year 2028. This report: (1) determined the status of the GOES-R acquisition; (2) evaluated whether NOAA has established adequate contingency plans in the event of delays; and (3) assessed NOAA's efforts to identify GOES data users, prioritize their data needs, and communicate with them about the program's status. Charts and tables.
In the 8 years since a contract was awarded, the National Polar-Orbiting Operational Environ. Satellite System (NPOESS) -- a tri-agency program managed by NOAA, DoD, and NASA -- has experienced escalating costs, schedule delays, and ineffective interagency mgmt. The launch date for a demo. satellite has been delayed by 5 years and the cost estimate for the program has more than doubled. In Feb. 2010, NPOESS was disbanded, and, instead, the agencies have undertaken separate acquisitions. This report: (1) assessed efforts to establish separate satellite programs; (2) evaluated the status and risks of the NPOESS components still under development; and (3) evaluated the implications of using the demo. satellite's data operationally. Illus.
The Federal Funding Accountability and Transparency Act of 2006 (FFATA) is intended to increase the transparency of and accountability for the over $1 trillion that federal agencies award each year in contracts, loans, grants, and other awards. The act required the OMB to establish, no later than Jan. 1, 2008, a publicly accessible Web site containing data on federal awards. This report determined the extent to which: (1) OMB is complying with FFATA requirements to make federal award data available; (2) federal agencies are reporting required award data; and (3) inconsistencies exist between data on the Web site and records at federal agencies. Includes recommendations. Illustrations.
Since 2001, the National Archives and Records Admin. (NARA) has been developing an Electronic Records Archive (ERA) to preserve and provide access to massive volumes of electronic records independent of their original hardware and software. The 2009 Omnibus Appropriations Act requires NARA to submit an expenditure plan for ERA to Congress. The objectives of this report were to: (1) determine whether NARA's FY 2009 plan meets the legislative conditions set forth in the 2009 Omnibus Appropriations Act; (2) provide an update on NARA's progress in implementing recommendations made in a review of NARA's 2008 expenditure plan; and (3) provide any other observations about the expenditure plan and the ERA acquisition. Tables.
Fed. policy identifies 18 infrastructure sectors -- such as banking and finance, energy, public health and healthcare and telecomm. -- that are critical to the nation's security, economy, public health, and safety. These sectors rely extensively on computerized info. technology (IT) systems and electronic data. It is crucial that the security of these systems and data is maintained. The fed. gov't. uses both voluntary partnerships with private industry and requirements in fed. laws, reg's., and standards to assist in the security of privately owned IT systems and data. This report: identifies the fed. laws, reg's., and mandatory standards that pertain to securing that sector's privately owned IT systems and data; and identifies the enforcement mechanisms for each of the above. Ill.
Environmental satellites provide data that are used for forecasting the weather, measuring variations in climate over time, and predicting space weather. In planning for the next generation of these satellites, federal agencies originally sought to fulfill weather, climate, and space weather requirements. However, in 2006, federal agencies restructured two key satellite acquisitions. This involved removing key climate and space weather instruments. This report: (1) assessed plans for restoring the capabilities that were removed from the two key satellite acquisitions; and (2) evaluated federal efforts to establish a strategy for the long-term provision of satellite-provided space weather and climate data. Charts and tables.