Summary: Serious weaknesses in the Defense Department's (DOD) information security continue to give hackers and hundreds of thousands of unauthorized users a chance to modify, steal, inappropriately disclose, and destroy sensitive military data. These weaknesses impair the military's ability to (1) control physical and electronic access to its systems and data; (2) ensure that software is properly authorized, tested, and functioning; (3) limit employees' ability to perform incompatible functions; and (4) resume operations in the event of a disaster. Defense functions, including weapons and supercomputer research, logistics, finance, procurement, personnel management, military health, and payroll, have already been harmed by system attacks or fraud. Although some corrective measures have been taken in response to an earlier GAO report (GAO/AIMD-96-84, May 1996), DOD's progress in correcting the control weaknesses cited during GAO's earlier review has been inconsistent, and weaknesses persist in every area of general controls.