GAO Faults 'Inconsistent' Online Security Programs - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Business & Finance

GAO Faults 'Inconsistent' Online Security Programs

Spending amounting to $1 billion has resulted in decidedly mixed results for public key infrastructure projects.

The federal government has spent about $1 billion on 89 public key infrastructure programs among 20 major agencies in recent years, but the results of those programs are mixed, according to a report issued by the General Accounting Office.

PKI is a secure method for exchanging information within an organization, within an industry, nationwide, or worldwide.

Implementing PKI poses a major challenge for agencies, Linda Koontz, GAO's director of information management issues, wrote in a letter to Reps. Tom Davis and Adam Putnam, who chair House panels with oversight on governmental IT use. The letter was dated Dec. 15, but released Thursday.

GAO, the investigative arm of Congress, identified four major challenges:

• Policy and guidance. Both are lacking or ill-defined in a number of areas, including technical standards and legal issues.

• Funding. Besides the high costs associated with the technology, cost models are lacking, making accurate budgeting more difficult. In addition, costs are increased when systems must be designed to accommodate the uncertainty associated with undefined standards.

• Interoperability. Integrating PKI systems with others such as network, security, and operating systems often requires significant changes or even replacement of systems.

• Training and administration. Training is required for personnel to use and manage public key infrastructure, and basic PKI requirements and processes impose significant administrative burdens.

Still, the GAO notes, the governmentwide Federal Bridge Certification Authority and Access Certificates for Electronic Services programs continue to promote the adoption and implementation of PKI, though the results of these programs have been inconsistent. The level of participation in the certification authority, which provides a way to link independent agency public key infrastructures into a broader network, is the same as in 2001, the last time the GAO examined the matter. Only four agencies are certified to operate through the network. Additional agencies plan to participate in the future, as well as nonfederal organizations, such as the state of Illinois, the Canadian government, and educational consortiums, GAO says.

Similarly, the agency says, the electronic-services program, which offers agencies various PKI services through the General Services Administration, has garnered lower-than-expected participation among federal agencies. GSA plans to revise the pricing structure associated with the electronic-services program to improve participation levels.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Get Your Enterprise Ready for 5G
Mary E. Shacklett, Mary E. Shacklett,  1/14/2020
Modern App Dev: An Enterprise Guide
Cathleen Gagne, Managing Editor, InformationWeek,  1/5/2020
9 Ways to Improve IT and Operational Efficiencies in 2020
Cynthia Harvey, Freelance Journalist, InformationWeek,  1/2/2020
Register for InformationWeek Newsletters
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll