State needs to shore up security

In 1999 it was possible to enter the State Department's computer systems and browse through "sensitive" documents virtually undetected, congressional investigators report.

Security is better now, but still far from infallible, the General Accounting Office found in its Performance and Accountability Series report Jan. 17.

The State Department needs to keep working to improve security, from installing automated intrusion-detection programs to clarifying agencywide security management responsibilities, according to the GAO report. Unless such improvements are made "State's computer networks will remain vulnerable to exploitation and unauthorized access."

Computer security is a vexing problem for State because of the size and complexity of the department worldwide, GAO reported.

Security isn't the only problem. Computer system incompatibilities hamper State's ability to collaborate with other foreign affairs agencies, according to the report. The department and other U.S. agencies with overseas installations are in the early stages of planning to adopt common technology platforms to overcome the problem.

But, "if a common platform is to become a reality, State will have to overcome cultural obstacles" to coordinate well with other agencies, the GAO report stated.

According to the report, the State Department should make developing an information technology planning and investment process a top priority. In the past, the department has lacked disciplined IT project management, investment controls and an enterprise architecture. That has led to poor system cost estimating, an inability to make cost-effective system investment decisions and acquisition of computer systems that do not perform as expected, GAO found.