Despite warnings of lax security and loose management of information technology investments, the US federal government spent at least $US2.9 billion on IT related to domestic security in 2002 and will spend at least that much in 2003, according to a report released Tuesday by the General Accounting Office (GAO).
The report, available at http://www.gao.gov/new.items/d03250.pdf, was requested by the US Senate's Permanent Subcommittee on Investigations, part of the Committee on Governmental Affairs, to identify and analyse IT spending related to domestic security.
The GAO found that of the IT spending related to domestic security in fiscal year 2002, $US1.2 billion was attributable to organisations being folded into the new US Department of Homeland Security. In 2003, that figure will rise to $US1.3 billion, the GAO found.
In reaching its conclusions, the GAO reviewed the budgets for 24 departments and agencies to identify IT projects related to domestic security. Those agencies included the departments of Defense, Health and Human Services, Transportation, Justice, Treasury and Energy, among others.
The biggest consumers of IT dollars related to domestic security in 2003 will be the US Immigration and Naturalization Service, part of the US Department of Justice; the Transportation Security Agency, part of the US Department of Transportation and the US Customs Service, part of the US Department of the Treasury, the GAO said.
The US Department of Justice is set to receive $US779 million in IT security funds in 2003. The departments of Transportation and Treasury will receive $US681 million and $US634 million respectively, according to the report.
Many projects related to domestic security did not show up in its review of agency budgets, however.
IT infrastructure projects involving multiple agencies, new intelligence systems and funding related to ongoing operations at agencies such as the US Department of Defense (DOD) and the US Federal Aviation Administration put the real IT cost for domestic security much higher than the new report indicates, the GAO said.
While it agreed that information technology will play an important role in preventing future attacks and improving the nation's domestic security, the GAO used the report to warn that the effectiveness of the federal government's IT investments on security could be undercut by unresolved IT management issues for which the GAO has issued recommendations for remediation.
Those recommendations cover issues such as developing procedures to better secure information, creating an enterprise architecture — a blueprint that guides the broad decisions necessary to create an organisational information support system — and managing IT investment and acquisitions, the GAO said.
In the area of information security, most of the agencies that were reviewed showed significant weaknesses in areas such as program management, access management and segregation of duties.
In a report on computer security released in November, the congressional office found "significant weaknesses in federal computer systems that put critical operations and assets at risk." That report is available at http://www.gao.gov/new.items/d03303t.pdf.
In the report released Tuesday, the GAO said that only 4 per cent of federal agencies had management practices that reflect mature enterprise architecture framework.
The Department of Treasury led the list of agencies with open GAO IT recommendations, with 346.
Treasury was followed by the DOD with 119 open recommendations and the Department of Transportation with 40. The DOD will receive $US45 million in IT funding for security in 2003, while Transportation will see its allotment for IT security increase from just $US2.7 million to over $US680 million, according to the GAO.