January 15, 2003, 12:20 PM — Despite warnings of lax security and loose management of information technology investments, the U.S. federal government spent at least US$ 2.9 billion on IT related to domestic security in 2002 and will spend at least that much in 2003, according to a report released Tuesday by the General Accounting Office (GAO).
The report, available at http://www.gao.gov/new.items/d03250.pdf, was requested by the U.S. Senate's Permanent Subcommittee on Investigations, part of the Committee on Governmental Affairs, to identify and analyze IT spending related to domestic security.
The GAO found that of the IT spending related to domestic security in fiscal year 2002, $1.2 billion was attributable to organizations being folded into the new U.S. Department of Homeland Security. In 2003, that figure will rise to $1.3 billion, the GAO found.
In reaching its conclusions, the GAO reviewed the budgets for 24 departments and agencies to identify IT projects related to domestic security. Those agencies included the departments of Defense, Health and Human Services, Transportation, Justice, Treasury and Energy, among others.
The biggest consumers of IT dollars related to domestic security in 2003 will be the U.S. Immigration and Naturalization Service, part of the U.S. Department of Justice; the Transportation Security Agency, part of the U.S. Department of Transportation and the U.S. Customs Service, part of the U.S. Department of the Treasury, the GAO said.
The U.S. Department of Justice is set to receive $779 million in IT security funds in 2003. The departments of Transportation and Treasury will receive $681 million and $634 million respectively, according to the report.
Many projects related to domestic security did not show up in its review of agency budgets, however.
IT infrastructure projects involving multiple agencies, new intelligence systems and funding related to ongoing operations at agencies such as the U.S. Department of Defense (DOD) and the U.S. Federal Aviation Administration put the real IT cost for domestic security much higher than the new report indicates, the GAO said.
While it agreed that information technology will play an important role in preventing future attacks and improving the nation's domestic security, the GAO used the report to warn that the effectiveness of the federal government's IT investments on security could be undercut by unresolved IT management issues for which the GAO has issued recommendations for remediation.
Those recommendations cover issues such as developing procedures to better secure information, creating an enterprise architecture -- a blueprint that guides the broad decisions necessary to create an organizational information support system -- and managing IT investment and acquisitions, the GAO said.
In the area of information security, most of the agencies that were reviewed showed significant weaknesses in areas such as program management, access management and segregation of duties.
In a report on computer security released in November, the congressional office found "significant weaknesses in federal computer systems that put critical operations and assets at risk." That report is available at http://www.gao.gov/new.items/d03303t.pdf.
In the report released Tuesday, the GAO said that only 4 percent of federal agencies had management practices that reflect mature enterprise architecture framework.
The Department of Treasury led the list of agencies with open GAO IT recommendations, with 346.
Treasury was followed by the DOD with 119 open recommendations and the Department of Transportation with 40. The DOD will receive $45 million in IT funding for security in 2003, while Transportation will see its allotment for IT security increase from just $2.7 million to over $680 million, according to the GAO.
