On IT front, everything old is new again

On IT front, everything old is new again<@VM>Bush team will immediately confront some ongoing information technology issues

BY TONY LEE ORR AND PREETI VASISHTHA | GCN STAFF

Federal agencies share scores of broad information technology objectives'security, personnel, cost-efficiency, electronic government and regulatory compliance'but the consequences of failure or success vary widely.

A computer breach at one agency could compromise national security, while a glitch at another might embarrass officials, threaten a citizen's privacy, damage the environment, obstruct a law enforcement investigation, siphon funds from government coffers or cancel a tourist's campground reservation.

President Bush will face a smorgasbord of unforeseen IT challenges over the next four years, but chances are the new administration will quickly become familiar with some perennial problems:

' Recruiting and retaining technology workers at the Agriculture Department remains a critical challenge as retirements, buyouts and private-sector competition lure personnel. Computer security weaknesses put the department at risk for cyberattacks. USDA faces an increasing demand for online services from its chief customers, the nation's farmers.

' The Commerce Department recently embarked on a five-year mission to become a digital organization, but Congress did not provide the funds needed to rewire the Hoover Building headquarters. Instead, Commerce's bureaus are helping to fund the departmentwide Internet-based communications system.

' The Defense Department's IT challenges can be divided into two camps: readiness for immediate deployment and preparation for future conflicts, which could include an increase in information warfare. Both raise concerns about information assurance, recruitment and retention, training, communications and joint interoperability, and are governed by budget constraints and buying regulations.

' The Education Department needs to bolster financial management of critical student aid systems, and audits have revealed departmentwide computer security weaknesses.

' The Energy Department's frequent security lapses are compounded by a culture that has emphasized scientific collaboration over information assurance. Well-publicized cases such as the Wen Ho Lee espionage investigation at the Los Alamos National Laboratory, and inspector general reports that the Savannah River Site failed to wipe discarded computer hardware and disks, sparked congressional hearings, criticism of former Secretary Bill Richardson and creation of the National Nuclear Security Administration.

' Though the Environmental Protection Agency has taken steps to improve its information security, problems still threaten EPA systems, the General Accounting Office reported last August. Also, an October GAO report said the agency's stovepipe systems block data-sharing with federal agencies and private entities.

' The Federal Aviation Administration continues to struggle with its modernization, adopting a 'build a little, test a little' philosophy in an attempt to stanch the hemorrhage of funds required to maintain antiquated systems while the agency deals with troubles in its systems upgrades.

' The Health and Human Services Department continues to struggle with financial management and security issues.

' The Housing and Urban Development Department was among the pioneers of federal Internet services. But stovepipes have made the department's One HUD concept a challenge. Through the project, HUD is working to build links among its agencies and ease data-sharing.

' Interior Department agencies are reeling from project management crises. The Bureau of Land Management banned all IT purchases until it could restructure its IT Investment Board and review field office management. The buying ban followed a $67 million purchase of a system that was less efficient than paper processes.

The Bureau of Indian Affairs is tackling a multimillion-dollar system upgrade that revealed major data integrity issues.

' Internal reviews and independent oversight of computer security at the Justice Department have turned up ineffective password management, poor access controls, weak background check procedures and intrusion detection errors. Also, GAO has questioned the department's ability to oversee its systems projects.

Meanwhile at the FBI, the bureau's Carnivore e-mail sniffing software remains controversial. Critics say it can be configured to monitor too much traffic and lacks an appropriate audit trail function.

The Immigration and Naturalization Service lacks effective cost and schedule controls for IT projects, and project management is weak, GAO reported recently.

' The Labor Department is working on a number of security weaknesses, including inadequate password management and protection, inadequate access controls, shoddy background check procedures and poorly managed intrusion detection. Recruiting and retaining a skilled work force also challenges the IT staff.

' A programming error left NASA blushing when its red-planet probe disappeared into space. During congressional hearings concerning that and other IT failures, NASA officials revealed that future missions would rely more heavily on hard-to-recruit computer programmers.

' The Postal Service faces economic threats from e-mail and private-sector distribution. Electronic-commerce efforts such as the eBillPay service launched in April are losing money.

' The Social Security Administration distributes a weekly e-mail newsletter to inform citizens about its increasing Internet services. The agency consistently scores well on security issues and was one of a handful of agencies that passed a recent financial management test. But SSA systems face an increasing workload as the population ages, and officials find meeting the privacy demands a challenge.

' The State Department, which recently revamped its global network, is leading the Overseas Presence Advisory Panel to develop a common platform for all agencies with offices abroad. But State has suffered computer security embarrassments. A notebook PC loaded with sensitive nuclear data disappeared from the Bureau of Intelligence and Research, prompting a security crackdown, but the machine was never recovered.

' The Transportation Department is trying to consolidate services, targeting data centers as a cost-effective way to maximize information-sharing. The department is also studying innovative ways to use geographic information systems.

' Treasury Department agencies are struggling with costly modernization projects. At headquarters, the IT crew continues work on a systems infrastructure.

At the Customs Service, the long-awaited Automated Commercial Environment will take a year longer to complete because of an $80 million funding shortfall.

The IRS, which has faced formidable systems modernization challenges for more than a decade, recently released yet another blueprint for the service's business process overhaul, which is expected to take five to seven years and cost more than $15 billion.

' The Securities and Exchange Commission's Electronic Data Gathering, Analysis and Retrieval system just joined the Internet age. The revamped EDGAR still must prove it can handle large volumes of filings online.

' The Veterans Affairs Department is struggling to unite its three major agencies, which requires integrating systems that support widely varying services. Security is an issue, too. Last year, the inspector general reported that hired attackers successfully penetrated VA systems.

Assistant managing editor Julie Britt contributed to this report.






align="center">


size="2">Agency'
size="2">Systems goals and challenges


size="2">Agriculture


size="2">' Shrinking IT work force

' Weak information security

' Demand for online services


size="2">Commerce


size="2">' Extensive e-government program

' Budget shortfalls


size="2">Defense


size="2">' Equipping modern warfighters

' Information assurance

' IT work force shortage

' Waging and defending against information warfare

' Joint interoperability


size="2">Education


size="2">' Information security problems

' Financial management weaknesses


size="2">Energy


size="2">' Multiple security lapses at nuclear weapons labs

' Security breaches at headquarters


size="2">Environmental Protection Agency


size="2">' Information security glitches

' Stovepipe systems


size="2">Federal Aviation Administration


size="2">' Upgrading air traffic control systems

' Information security

' Web-enabling multiple systems


size="2">Health and Human Services


size="2">' Weak financial management

' Information security problems


size="2">Housing and Urban Development


size="2">' Stovepipe systems

' Outdated legacy systems


size="2">Interior


size="2">' Project management weaknesses at Bureau of Land Management and Bureau of Indian Affairs


size="2">Justice


size="2">' Computer security glitches

' Poor oversight of IT projects


size="2">Immigration and Naturalization


size="2">' Poor project management Service

' Weak cost controls


size="2">FBI


size="2">' Balancing computer forensics, privacy issues


size="2">Labor


size="2">' Inadequate computer security

' IT work force shortage


size="2">NASA


size="2">' Costly programming, software errors

' IT work force shortage


size="2">Postal Service


size="2">' E-commerce ventures foundering


size="2">Social Security Administration


size="2">' Web-enabling services

' Information assurance

' Privacy

' Looming workload increase


size="2">State


size="2">' International interoperability

' Information security glitches


size="2">Transportation


size="2">' Agencywide data centers


size="2">Treasury


size="2">' Systems upgrades

' E-commerce


size="2">Customs


size="2">' Modernizing systems

' Maintaining legacy systems

' Budget shortfalls


size="2">IRS


size="2">' Business systems modernization


size="2">Veterans Affairs


size="2">' Unifying subagencies

' Security weaknesses


size="2">Securities and Exchange


size="2">' Increased electronic filing Commission

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above