Summary: Testimony was given concerning: (1) the nature of the information security problem as it affects Federal automated systems and their supporting telecommunications networks; (2) the key factors of legislation, policy, management, and auditing which affect information security; (3) GAO audit findings which indicated shortfalls that have contributed to security problems; and (4) recent Federal initiatives which could have an important impact on solving these problems. The vulnerabilities which face computer systems increase as technology advances, and present legislation is inadequate with respect to interceptions of wire communications. GAO has found that the central agencies responsible for information management have not provided complete and coordinated guidance and have not ensured that agencies comply with existing guidance. Executive agencies are generally doing little to implement information security program policies and guidance and are not aware of how highly vulnerable their systems are to fraud, waste, abuse, and illegal practices. GAO also found that several internal audit organizations have not provided adequate audit coverage for their computer systems and applications and do not always comply with Comptroller General audit standards. The proposed Federal Computer Systems Protection Act, if passed, could help the Government take punitive action against those who misuse its automated systems. In addition, the Office of Management and Budget plans to revise existing circulars on information management, and the President's Council on Integrity and Efficiency is taking steps that may improve information security.
