Government Agencies Making Progress On IT SecurityGovernment Agencies Making Progress On IT Security

An OMB report says progress has been made, but more threats and vulnerabilities have developed.

information Staff, Contributor

March 4, 2003

3 Min Read
information logo in a gray background | information

Federal agencies have made considerable progress in discovering and tackling deep-rooted and serious IT security problems, the White House told Congress in a 131-page report issued by the Office of Management and Budget. Despite hard work by agencies to overcome these problems through painstaking security reviews during the past year, OMB said, much work remains. Though progress has been made, the report cautioned that more threats and vulnerabilities also have materialized.

In fiscal year 2001, OMB established a baseline for agency IT security performance. Against that baseline, OMB determined that the agencies showed significant progress during fiscal 2002 in overcoming IT security concerns. "For example," the report said, there were "increases in the percentage of systems with security plans and the percentage of systems certified and accredited."

In 2001, only 40% of 7,411 government IT systems had an up-to-date security plan; last year, 62% of the 7,957 systems reviewed had such plans. Similarly, in 2001, only 30% of the IT systems had contingency plans versus 55% in 2002.

In an OMB report to Congress a year ago, the White House office noted six common governmentwide IT security weaknesses in 2001:

  • Lack of agency senior management attention to IT security

  • Nonexistent IT security performance measures

    Poor security education and awareness

    Failure to fully fund and integrate security into capital planning and investment-control process

    Failure to ensure that contractor services are adequately secure

    Lack of detecting, reporting, and sharing information on vulnerabilities.

A year later, OMB reported, progress is clearly evident across these six areas. While additional efforts are still warranted, the federal government is heading in the right direction, OMB said.

In the last fiscal year, of the $48 billion allotted for IT, about $2.7 billion was spent on security. OMB estimates the government will spend $4.2 billion on IT security in the current fiscal year, which ends Sept. 30, and $4.7 billion will be spent in fiscal 2004. Spending more on IT security doesn't always improve IT security performance, OMB said. Rather, the report said, the key is effectively incorporating IT security in project and agency management actions.

To that end, OMB administers and implements agency remediation efforts through traditional management and budget processes that hold agencies, including CIOs and agency program officials, answerable for the security of the information and systems that support their programs. Specifically, OMB gauges and tracks progress through annual agency IT security reports, IT budget filings, and the president's management agenda using an E-government scorecard, quarterly reports from agencies on their plans of action and milestones progress, and quarterly updates from agencies on their progress against IT security performance measures.

In its report to Congress, OMB addressed three milestones for the coming year to overcome governmentwide IT security weaknesses:

  • All agencies must establish and maintain an agencywide process for developing and implementing program and system-level plans. Their plans of action and milestones must serve as agencies' authoritative management tools, to ensure that they fix program and system-level IT security weaknesses. By Sept. 30, the White House is requiring all agencies to create a process to ensure that program and system-level IT security weaknesses, once identified, are tracked and corrected.

  • Many agencies find themselves faced with the same security weaknesses year after year--such as systems that lack security plans that haven't been certified and accredited. OMB said it will continue to help agencies prioritize and reallocate money to address these problems. President Bush's budget set a goal that by year's end 80% of federal IT systems will be certified and accredited.

    Significant problems remain, particularly in guaranteeing security of legacy systems. By year's end, the administration hopes that 80% of the government's major IT investments will appropriately integrate security into the life cycle of the investment.

Read more about:

20032003

About the Author

information Staff

information Staff

Contributor

See more from information Staff
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

A group of smiling college graduates celebrating their graduation.
IT Leadership
Why Liberal Arts Grads Could Be the Best Programmers of the AI Era
Why Liberal Arts Grads Could Be the Best Programmers of the AI Era

Jan 17, 2025

Flame front of the Eaton Fire on the first night during the January 2025 California wildfires in Altadena and Los Angeles
IT Sectors
How Tech Supports the Emergency Response to the LA County Wildfires
How Tech Supports the Emergency Response to the LA County Wildfires

Jan 16, 2025

Graphic Pop Art style Illustration of Keanu Reeves as NEO from the film, The Matrix
IT Infrastructure
Y2K and Infrastructure Resilience 25 Years Later
Y2K and Infrastructure Resilience 25 Years Later

Jan 7, 2025

Young businessman working on a virtual screen of the future and sees the inscription: Now hiring
IT Leadership
Help Wanted: IT Hiring Trends in 2025
Help Wanted: IT Hiring Trends in 2025

Nov 20, 2024

Cobol programming language software development concept on vitual screen.
IT Leadership
Untangling Enterprise Reliance on Legacy Systems
Untangling Enterprise Reliance on Legacy Systems

Jan 21, 2025

Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports