From the U.S. Government Accountability Office, www.gao.gov

Transcript for: High Risk: Information Security

Description: As part of GAO's High-Risk series, Gregory Wilshusen, a
Director of GAO's IT team, describes why GAO put the nation's
information security systems on its list of programs at high risk for
waste, fraud, abuse or mismanagement.

Released on: July 28, 2010

[ Music ]

My name is Gregory Wilshusen, GAO's Director of Information Security
Issues. Federal agencies and our nation's critical infrastructures, such
as power distribution, the telecommunications networks, and the
financial markets, face increasing cyber threats. Serious security
vulnerabilities pervade our nation's systems. Wide-ranging and sustained
cyber attacks show signs of success as federal agencies reported 30,000
security incidents in fiscal year 2009—an increase of over 400 percent
in 4 years. Federal information security has been on GAO's list of
high-risk areas since 1997, and in 2003, we expanded the area to include
cyber-reliant critical infrastructure. Since then, federal efforts to
enhance security have made some progress, but more needs to be done. We
believe the Administration, with congressional input, needs to
immediately design and deploy a national cyber security strategy,
effectively implement governmentwide initiatives intended to improve
federal information security, and increasingly engage the private sector
in collaborative efforts to better protect our cyber-reliant critical
infrastructure from our adversaries.

[ Music ]