Summary: Testimony was given concerning computer and telecommunications security vulnerabilities in Federal departments and agencies. GAO stated that the potential for data loss is increasing because more information is maintained in automated systems. The importance of the necessity for all Government agencies to contribute to achieving security was emphasized. A comprehensive policy is needed; however, GAO has found that the line between internal-control policy and computer security policy is a difficult one to draw. Two challenges which face the agencies are the followup reviews of agency compliance with the Financial Integrity Act and internal control policy initiatives and the fostering of an environment where exchange of information on security techniques between civil and defense agencies can be accomplished. Strengthened legislation and policy could also aid information security. However, executive agency action would have the most tangible and timely impact. GAO stated that, if agency evaluations of internal controls in response to the Financial Integrity Act afford the appropriate attention to information security, threats should be minimized. In addition, the combined impetus provided by the President's Council on Integrity and Efficiency and the inspectors general should bolster internal auditing capabilities. Other positive recent developments include: (1) Office of Management and Budget efforts to review the agencies' information resources management activities every 3 years; (2) reports which call for a stronger Government-wide emphasis on information resources management; and (3) the fact that the administration's Reform 88 program has set a goal of making Federal computer and communications systems more compatible so that waste, fraud, and abuse of programs can be reduced.
