Data in, data out

The Washington Post reports on recent GAO congressional testimony about a basic security concern.

Government agencies have a long way to go before they can assure taxpayers that the country’s secrets – as well as citizens’ personal information – are secure, according to recent government reports.
In fact, the Government Accountability Office testified to Congress last week that “poor information security is a widespread problem with potentially devastating consequences.”

Among the potential concerns that the GAO identified in testimony to a Senate subcommittee: If systems aren’t secure, sensitive information, such as taxpayer data, Social Security records and medical records, could be “inappropriately disclosed, browsed or copied for improper or criminal purposes.”

As in the breach of three presidential candidates’ passport files, the use of outside contractors has been cited as a possible problem by the GAO and other government investigators.

In a 2005 report, the GAO found that most government agencies have security policies on the books and written in contracts with outside vendors. But those policies often didn’t go far enough to properly oversee the work of those contractors, the GAO said.

In the recent GAO testimony, investigators found that the percentage of employees and outside contractors receiving security-awareness training had dropped from 2006 to 2007.

These issues are complex, but these issues are not new either. On the one hand we have growing and sophisticated total awareness sort of programs for gathering information on US citizens, but pay inadequate attention to information we already have.

And there is less training for security awareness, what ever that means. The state of the White House systems concerning communication sounds simply primitive, and at least from indifference. How does that continue for decades?