Fighting toxic chemicals to fixing cyber infrastructure: The government's top 10 trials and tribulations

The US government certainly has its hands full, especially now with the new administration transitioning in.  And the list of problems and hot spots continues to grow.  Watchdogs at the Government Accounting Office periodically assess the Fed's most high-risk areas or areas that are prone to fraud, waste, abuse, and mismanagement that can directly impact all of us.

On the GAO hit list which was sent to the 111th Congress this week are all manner of issues from repairing the nation's cyber infrastructure and keeping taxpayer information private to how to effectively move the IRS and financial regulatory systems into the future.

Interestingly one of the GAO's oft-targeted ventures, the Federal Aviation Administration (FAA) Air Traffic Control modernization has been dropped from the high risk list. The GAO first included FAA Air Traffic Control modernization on its hit list in 1995 because of previous cost overruns, schedule delays and performance shortfalls.

While the list currently includes some 31 areas that the GAO says are riskiest, for our purposes we'll focus on 10. From the GAO report they include:

Protecting the Federal government's information systems and the nation's critical infrastructures

Federal agencies have made progress in strengthening information security. The administration has also launched several initiatives that are intended to improve security over federal systems, such as establishing security configurations for desktop computers and reducing the number of federalaccess points to the Internet. However, most agencies continue to experience significant deficiencies that jeopardize the confidentiality, integrity, and availability of their systems and information. For example, agencies did not consistently implement effective controls to prevent, limit, and detect unauthorized access or manage the configuration of network devices to prevent unauthorized access and ensure system integrity. Until agencies implement the hundreds of recommendations made by GAO and their inspectors general to resolve identified deficiencies and fully implement effective security programs, a broad array of federal assets and operations will remain at unnecessary risk of fraud, misuse, and disruption.

Ensuring the effective protection of technologies critical to US national security interests

Over the years, GAO has identified weaknesses in the effectiveness and efficiency of government programs designed to protect critical technologies while advancing US interests. Since this area was designated high risk in 2007, the agencies responsible for administering these programs, including the Departments of Commerce, Defense, Justice, State and the Treasury, have made improvements in several areas. However, vulnerabilities continue to exist, and agencies have yet to take action to address GAO's major underlying concern, which is the need for a fundamental re-examination of current government programs to determine how they can collectively achieve their mission and to evaluate the need for alternative approaches.  To ensure the collective effectiveness of programs to identify and protect critical technologies, the executive and legislative branches need to conduct a fundamental reexamination of the current programs and evaluate the potential of alternative approaches.

Funding the surface transportation system

The cost to repair and upgrade the nation's surface transportation system so that it can safely and reliably meet current and future demands is estimated in the hundreds of billions of dollars, and calls have been made to significantly increase federal investment in the system. However, the large increases in costs for surface transportation in recent years have not commensurately improved the performance of the system because many current surface transportation programs are not effective at addressing key challenges, federal goals are numerous and sometimes conflicting, roles are unclear, programs lack links to the performance of the transportation system or of the grantees, and programs in some areas do not use the best tools and approaches to ensure effective investment decisions.

Protecting public health through enhanced oversight of medical products

Inspecting foreign establishments manufacturing drugs or medical devices-Food and  Drug Administration's management of inspections has been compromised by weaknesses in its databases which limit its ability to identify all establishments subject to inspection. FDA also inspects relatively few foreign establishments each year. For example, FDA used a list of 3,249 foreign drug establishments to prioritize its fiscal year 2007 inspections that focus on good manufacturing practices. Based on this list, GAO estimated that FDA may inspect about 8 percent of such establishments in a given year, despite the increasing globalization of this and other industries FDA regulates. At this rate, it would take FDA more than 13 years to inspect each foreign drug establishment on this list once, assuming that no additional establishments are subject to inspection.

Transforming EPA's processes for assessing and controlling toxic chemicals

Created in 1985 to provide EPA with consensus opinions within the agency on the health effects of chronic exposure to chemicals, the EPA's Integrated Risk Information System (IRIS) database provides the basic information EPA needs to determine whether it should establish controls to, for example, protect the public from exposure to toxic chemicals in the air and water and at hazardous waste sites. In 2008, GAO reported that IRIS, which contains assessments of more than 540 toxic chemicals, is at serious risk of becoming obsolete because EPA has not been able to keep its existing assessments current or to complete assessments of the most important chemicals of concern. Factors contributing to EPA's inability to complete assessments in a timely manner include certain management decisions, such as delaying some assessments to await new research, and the compounding effect of delays-even a single delay can force EPA to essentially restart assessments to incorporate changing science and methods. A number of key chemicals have been caught in this seemingly endless cycle, limiting EPA's ability to protect the public health from ubiquitous chemicals that are likely to cause cancer or other serious health effects.

Implementing and transforming the Department of Homeland Security

Although DHS has made progress in transforming into a fully functioning department, this transformation remains high risk because DHS has not yet developed a comprehensive plan to address the transformation, integration, management and mission challenges GAO identified since 2003. With an annual budget of more than $40 billion-including billions in acquisitions, research and development, and grants to states and localities-the department's successful transformation is critical to achieving its mission.  DHS can improve implementation of mission activities, including further clarifying roles and responsibilities for emergency preparedness and response, implementing controls to screen individuals and cargo, and enhancing partnerships to secure critical infrastructure, among other areas.

Establishing mechanisms for sharing terrorism information

More than 7 years after 9/11, federal, state, local, and private partners are sharing more terrorism-related information in new ways across new channels. But Congress and the new administration will need to be vigilant to ensure commitment for integrating and institutionalizing these changes, holding agencies accountable for results, and maintaining momentum. Agencies are now collaborating on an overarching Information Sharing Environment -described as an approach for the sharing of terrorism-related information-by following an implementation plan, establishing a governance structure and interagency working groups, and making annual funding commitments.  The federal government has devised improvement plans, is making financial commitments, and is developing performance measures but needs a better road map and system of accountability to ensure the needed sharing is achieved. As a result, this area remains high risk.

Department of Defense business systems modernization

The Department of Defense (DOD) is spending billions of dollars each year to acquire modern business systems that are fundamental to achieving DOD's business transformation goals. While the department's capability and performance relative to business systems modernization has improved, significant challenges remain. As a result, DOD as a whole is not yet well-positioned to effectively and efficiently manage an undertaking with the size, complexity, and significance of its business systems modernization. Beyond this, formidable challenges remain relative to ensuring that the thousands of DOD business system modernization and IT services programs and projects employ program management rigor and discipline. In this regard, GAO's work has continued to show program-specific management weaknesses, including not economically justifying investments on the basis of reliable estimates of future costs and benefits and not pursuing investments within the context of an enterprise architecture.

Department of Defense weapon systems acquisition

DOD is not receiving expected returns on its investment in weapon systems. Since fiscal year 2000, DOD significantly increased the number of major defense acquisition programs and its overall investment in them; however, acquisition outcomes are still poor. The total acquisition cost of DOD's 2007 portfolio of major programs under development or in production has grown by $295 billion over initial estimates, and these programs are experiencing, on average, a 21-month delay in delivering initial capabilities to the warfighter. As program costs increase, DOD must request more funding to cover the overruns, make trade-offs with existing programs, delay the start of new programs, or take funds from other accounts. Delays in providing capabilities to the warfighter result in the need to operate costly legacy systems longer than expected, find alternatives to fill capability gaps, or go without the capability.

Internal Revenue Service business systems modernization

The Internal Revenue Service's (IRS) highly complex, multibillion dollar Business Systems Modernization (BSM) program is critical to transforming the agency's manual paper-intensive business operations. The GAO has previously reported that despite progress in establishing management controls, acquiring foundational system infrastructure and applications, and addressing several financial management deficiencies, including deficiencies in controls over budgetary activity and property and equipment, both BSM and financial management have remained high risk. Since resolution of IRS's most serious remaining financial management problems depended largely on the success of BSM.  While IRS has made progress in reducing risk with systems modernization and financial management, improvements have

not been sustained long enough to provide confidence that the program is fully stable.

The idea is that if these programs were fixed and running right, they could save billions of dollars, dramatically improve service to the public, strengthen confidence and trust in the performance and accountability of the government, the GAO stated.

Layer 8 in a box

Check out these other hot stories:

How to move a boat without an engine, paddles or sails

Cisco scammer gets 5 years in jail

Complex IT challenges will hinder online healthcare move

Feds to offer cash for your clunker

Air Force: More unmanned aircraft than manned in 2009

Paybacks: Telescammers to fork over $50 million in restitution

Government spends over $30 million to sharpen cyber security saber

Watchdogs bite IRS for continued security lapses

FBI/DOJ warns of economic cybergeddon

Beam up my shape shifting robot Scotty: Layer 8's Best of 2008

Ducks, dorks and deviants: Wackiest stories of 2008

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2009 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)