Computer security is essential to protect public services. However, the United States Audit (GAO) contends that federal agencies "pose risks to information systems."

One of the threats identified in the report as generators of computer insecurity is "employee discontent or neglect" as well as "the wave of emerging technological dangers around the world" and the multiplicity of hackers. According to the US agency, these risks cause "loss of data and breaches of privacy."

Due to the great technological advances achieved in recent years, federal agencies that provide services such as energy distribution, water supply, telecommunications and emergency services have become increasingly dependent on computer systems and electronic data to carry out its operations.

According to the GAO’s research, virtual threats are evolving more and more. In the past six years, the number of cyber incidents reported by federal agencies to the US Computer Emergency Preparedness Team (US-CERT) has increased from 5,503 cases in 2006 to 48,562 in 2012; In other words, the number of demands increased by 782%.

Measures (not) implemented

The US Audit recommended Federal Agencies a number of measures to achieve effective implementation of computer security. However, the problems persist.

One of the GAO's most relevant recommendations was the "design of risk-based cyber security programs in federal agencies." But there are still "deficiencies in risk assessment and in the implementation of security controls."

The "detection, response and mitigation of computer incidents" was another of the observations indicated by the Audit. The agency noted that "the Department of Homeland Security (DHS) made great strides in coordinating federal responses to technological incidents, but there continue to be difficulties in the exchange of information between federal agencies and private sector entities."

The Federal Watchdog also mandated federal agencies to "promote education and work planning." To this extent, the agencies "did not elaborate on how they would achieve strategic planning." Nor were the tasks and responsibilities clear.

Another of the recommendations that is not completely resolved is that of "addressing the challenges of international computer security." It is that the approach of the government to face this aspect "was neither completely defined nor implemented."

What else is missing?

"Measures of performance, cost, resources, functions and responsibilities have not yet been taken." Improving these capabilities is a major step in improving federal information security.

The US Audit states: "Management needs to prepare a national strategy." Similarly, "Congress should consider legislating these issues."

"The Executive Branch, promptly the Department of Homeland Security, has to continue working to optimize its analytical and technical capabilities in the cybernetic field," concludes the report.