Site Map - Government Reports (GAO etc.)

A Web of Intelligence Networks

- Getting government agencies to share security information means first identifying the networks involved. A congressional briefing by the Government Accountability Office identified nine agencies and 34 networks that support homeland security functions (two of these networks are still under development). The briefing outlines each network and gives examples of how they might work together for counterterrorism efforts. Information Technology: Major Federal Networks That Support Homeland Security Functions is available via SM Online.

Diploma mills

- Yes, there really is a company operating on the Internet as Degrees-R-Us, and GAO auditors purchased bogus degrees from a fictitious university from the company, according to Robert J. Cramer, who testified before the House Subcommittee on 21st Century Competitiveness, Committee on Education and the Workforce. The GAO also set up its own diploma mill and was able to obtain certification from the Department of Education to enroll in the Federal Family Education Loan Program. Finally, GAO auditors determined that some senior-level federal employees have obtained degrees from diploma mills, though specific numbers couldn't be determined.

Intelligence reform

- Because significant changes in large organizations can take at least five to seven years, Congress might want to address the transformation of the intelligence community by lengthening the terms of directors, testified the GAO's J. Christopher Mihm before the Subcommittee on Oversight of Government Management, the Federal Workforce, and the District of Columbia, of the Committee on Governmental Affairs. He also spoke about how the FBI has been matching special agents and analysts with critical skills to address its top priorities, a model that the intelligence community might want to follow.

Nuclear security

- While the Nuclear Regulatory Commission (NRC) has bolstered security at nuclear plants since 9-11, the GAO cannot yet say whether each plant "has taken reasonable and appropriate steps to address the new design-basis threat," which establishes the maximum terrorist threat that a facility must defend against. Security plans reviewed by GAO lacked "important site-specific information," including where responding guards were to be stationed. Moreover, the GAO noted that the NRC isn't sharing with plants lessons learned from inspections at those plants.


- GAO examined progress made by the financial markets in improving disaster preparedness. Improvements included greater protection of networks from hackers, geographically removed backup facilities, creation of a private network for routing data between broker-dealers and various markets, and the issuance of business continuity guidelines.

Homeland security

- GAO auditors came up with a set of best practices that regional governmental bodies can adopt. They include making sure to have representation from diverse jurisdictions and stakeholders, developing strategic plans with quantifiable goals, and finding out how to take advantage of federal grants.

Nuclear security.

- The GAO reports that security at nuclear facilities has improved but vulnerability to terror attacks may remain.

DHS Cybersecurity

- The Department of Homeland Security (DHS) has made many improvements in its information security program, according to the agency's Inspector General (IG). However, he notes in a new report that the agency still lacks "an accurate and complete system inventory." An effort is being made to create such an inventory with assistance from an outside contractor, but without an inventory in place, the IG was unable to determine whether systems have been properly certified and accredited. Read the report.

GAO Report

- "We deliver for you," the U.S. Postal Service likes to say in its ads. Delivery of physical security for its facilities hasn't been as regular, however. GAO site visits to 13 "core facilities revealed a number of security problems," including unaccounted-for keys, deactivated alarms, unlocked gates, unsecured stamps, and employees without ID badges. On the positive side, the USPS has specified security requirements for core facilities and has made gains in carrying these out. @ SM Online has the GAO report on the audit.

EPA Response

- The Government Accountability Office report questions the Environmental Protection Agency’s ability to respond to indoor contamination in future disasters.

Quick Bytes : Vulnerable infrastructure

- Federal agencies are not consistently implementing the basics of information security, such as performing periodic risk assessments, developing and maintaining up-to-date security plans, creating and testing contingency plans, and evaluating and monitoring the effectiveness of security controls, according to a report from the Government Accountability Office (GAO). @ Protecting the Federal Government's Information Systems and the Nation's Critical Infrastructures is at SM Online.

Cost of War on Terrorism Should Not Be Hidden

- The GAO tells the Pentagon to stop using emergency requests to fund "the long war."

FederalWireless Woes

- Government agencies are not taking the proper procedures to ensure that wireless networks are secure, leaving their networks susceptible to attack. That is the alarming conclusion of a Government Accountability Office (GAO) study of security controls at 24 agencies and assessments of wireless security at six federal agencies in the nation’s capital.

Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.