GAO Faults 'Inconsistent' Online Security Programs - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Business & Finance

GAO Faults 'Inconsistent' Online Security Programs

Spending amounting to $1 billion has resulted in decidedly mixed results for public key infrastructure projects.

The federal government has spent about $1 billion on 89 public key infrastructure programs among 20 major agencies in recent years, but the results of those programs are mixed, according to a report issued by the General Accounting Office.

PKI is a secure method for exchanging information within an organization, within an industry, nationwide, or worldwide.

Implementing PKI poses a major challenge for agencies, Linda Koontz, GAO's director of information management issues, wrote in a letter to Reps. Tom Davis and Adam Putnam, who chair House panels with oversight on governmental IT use. The letter was dated Dec. 15, but released Thursday.

GAO, the investigative arm of Congress, identified four major challenges:

• Policy and guidance. Both are lacking or ill-defined in a number of areas, including technical standards and legal issues.

• Funding. Besides the high costs associated with the technology, cost models are lacking, making accurate budgeting more difficult. In addition, costs are increased when systems must be designed to accommodate the uncertainty associated with undefined standards.

• Interoperability. Integrating PKI systems with others such as network, security, and operating systems often requires significant changes or even replacement of systems.

• Training and administration. Training is required for personnel to use and manage public key infrastructure, and basic PKI requirements and processes impose significant administrative burdens.

Still, the GAO notes, the governmentwide Federal Bridge Certification Authority and Access Certificates for Electronic Services programs continue to promote the adoption and implementation of PKI, though the results of these programs have been inconsistent. The level of participation in the certification authority, which provides a way to link independent agency public key infrastructures into a broader network, is the same as in 2001, the last time the GAO examined the matter. Only four agencies are certified to operate through the network. Additional agencies plan to participate in the future, as well as nonfederal organizations, such as the state of Illinois, the Canadian government, and educational consortiums, GAO says.

Similarly, the agency says, the electronic-services program, which offers agencies various PKI services through the General Services Administration, has garnered lower-than-expected participation among federal agencies. GSA plans to revise the pricing structure associated with the electronic-services program to improve participation levels.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Enterprise Guide to Digital Transformation
Cathleen Gagne, Managing Editor, InformationWeek,  8/13/2019
IT Careers: How to Get a Job as a Site Reliability Engineer
Cynthia Harvey, Freelance Journalist, InformationWeek,  7/31/2019
AI Ethics Guidelines Every CIO Should Read
Guest Commentary, Guest Commentary,  8/7/2019
Register for InformationWeek Newsletters
Current Issue
Data Science and AI in the Fast Lane
This IT Trend Report will help you gain insight into how quickly and dramatically data science is influencing how enterprises are managed and where they will derive business success. Read the report today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll