GAO information assurance chief offers security advice to agencies

GAO information assurance chief offers security advice to agencies

The General Accounting Office's Keith A. Rhodes said, 'I told you so,' last week to the House Science Subcommittee on Technology.

'About this time last year I testified before this subcommittee on the Melissa virus, which temporarily disrupted the operations of some agencies,' said Rhodes, director of GAO's Office of Computer and Information Assurance.

'I stressed that the next virus would likely propagate faster, do more damage and be more difficult to detect and counter,' he said. 'This is just what we have experienced with ILOVEYOU.'

The House panel held a hearing last week on the ILOVEYOU virus, which affected thousands of government computers in its two-day tear around the world. Rhodes said the government has not done enough to protect its systems from such threats.

'Federal agencies must implement vigorous security programs to enable them to closely watch their information resources for signs of attack or intrusion, and to quickly react,' he said.

He offered a list of immediate actions that agencies should take:

•Increase awareness of security needs.

•Ensure existing controls are effective.

•Ensure software patches are up-to-date.

•Use automated scanning and testing tools to identify problems quickly.

•Expand use of best security practices.

•Address common vulnerabilities.

'While these actions can jump-start security efforts, they will not result in fully effective and lasting improvements unless they are supplemented by a strong management framework,' Rhodes said.

'Shruti Dat'


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected