Weaknesses in information security (IS) in the fed. gov¿t. are a problem with potentially devastating consequences -- such as intrusions by malicious users, compromised networks, & the theft of personally identifiable info; it is a high-risk issue. Concerned by reports of significant vulnerabilities in fed. computer systems, Congress passed the Fed. Info. Security Mgmt. Act of 2002 (FISMA), which authorized & strengthened the IS program, eval¿n., & reporting require. for fed. agencies. This testimony discusses security incidents reported at fed. agencies, the continued weaknesses in IS controls at major fed. agencies, agencies¿ progress in performing key control activities, & oppor. to enhance FISMA reporting & independent evaluations. Tables.

Pervasive and sustained cyber attacks continue to pose a potentially devastating threat to the systems and operations of the fed. government. In recent months, fed. officials have cited the continued efforts of foreign nations and criminals to target government and private sector networks; terrorist groups have expressed a desire to use cyber attacks to target the U.S.; and press accounts have reported attacks on the Web sites of government agencies. This statement describes: (1) cyber threats to fed. information systems and cyber-based critical infrastructures; (2) control deficiencies at fed. agencies that make these systems and infrastructures vulnerable to cyber threats; and (3) opportunities that exist for improving fed. cybersecurity.