Saturday, April 19, 2025

GAO Assesses Status of Mission-Critical IT System Acquisitions

Key Takeaways:
> GAO identified 16 of these IT acquisitions as particularly critical to missions ranging from national security to public health to the economy.
> As of February 2025, there were 75 open GAO IT- and cybersecurity-related recommendations pertaining to nine of the 16 acquisitions.

Overview
The Government Accountability Office (GAO) released a new report examining 16 mission-critical IT acquisition programs across 11 federal agencies. These programs, essential to various government functions, including national security, public health, and economic operations, are projected to cost taxpayers at least $51.7 billion. The GAO study focuses on identifying key attributes and risks associated with these high-priority systems as part of its ongoing monitoring of federal IT acquisitions, an area that has been on GAO’s High-Risk List since 2015.

The report, titled “Mission-Critical Information Technology: Agencies Are Monitoring Selected Acquisitions for Cybersecurity and Privacy Risks” (GAO-25-106908), comes at a time when federal agencies continue to struggle with IT implementation challenges. As of February 2025, there were 75 open GAO IT- and cybersecurity-related recommendations pertaining to nine of the 16 acquisitions reviewed.

Findings
The GAO identified several significant findings in its analysis:

  • Substantial Financial Investment: The 16 mission-critical acquisitions are collectively expected to cost at least $51.7 billion. For perspective, the Department of Health and Human Services alone plans to spend approximately $6.2 billion over 10 years on its electronic health records modernization effort.
  • Mission-Critical Dependence: Officials from 10 of the 16 acquisitions reported that failing to proceed with these IT initiatives would jeopardize their agency’s ability to meet mission needs, improve customer service, or achieve cost savings. This underscores the essential nature of these systems to government operations.
  • Cybersecurity and Privacy Concerns: Perhaps most alarming, seven acquisitions identified high risks associated with cybersecurity and information privacy. These high-risk designations indicate that an adverse cybersecurity or privacy incident could have severe or catastrophic effects on the agency, other agencies, or the nation as a whole.
  • Escalating Risks: The report notes that cybersecurity and privacy risks continue to escalate as agencies’ IT infrastructures age while threats and vulnerabilities become increasingly sophisticated and difficult to defend against.

Among the highlighted examples, both Department of Education acquisitions – aimed at modernizing systems for federal student aid – contain large repositories of personally identifiable information (PII), making them particularly vulnerable targets.

Recommendations
While this specific report does not contain new recommendations, the GAO notes that 75 recommendations pertaining to nine of the 16 acquisitions examined remain unimplemented. The report serves as a status update and risk assessment rather than providing new directives. However, it implicitly reinforces the urgency of addressing previously identified issues, particularly in the areas of cybersecurity and privacy protection.

GAO provided a draft of this report to the 11 agencies with IT acquisitions profiled and to the Office of Management and Budget. Eight agencies provided technical comments, which GAO incorporated as appropriate.

Why It Matters
This report matters for several critical reasons:

  1. Financial Implications: With at least $51.7 billion in taxpayer money at stake, ensuring these acquisitions succeed is fiscally responsible governance.
  2. National Security and Public Safety: Many of these systems directly impact national security, public health, and economic stability. For example, the Department of Defense’s Joint Warfighting Cloud Capability and the Department of Homeland Security’s Homeland Advanced Recognition Technology are crucial to security operations.
  3. Personal Data Vulnerability: Several systems, like the Education Department’s student aid processing systems, contain vast amounts of personally identifiable information that could be devastating if compromised.
  4. Government Effectiveness: These IT systems directly affect how efficiently the government can serve citizens, from processing student loans to managing veterans’ health records.
  5. Growing Threat Landscape: As the report notes, cybersecurity and privacy risks continue to escalate as infrastructure ages and threats become more complex, making continuous monitoring and improvement essential.

The GAO’s continued focus on IT acquisitions highlights the persistent challenges federal agencies face in implementing large-scale technology projects. As government operations become increasingly dependent on digital systems, the success or failure of these acquisitions will have profound implications for government effectiveness, national security, and the protection of sensitive personal information.


Megan Norris
Megan Norris has a unique combination of experience in writing and editing as well as law enforcement and homeland security that led to her joining Homeland Security Today staff in January 2025. She founded her company, Norris Editorial and Writing Services, following her 2018 retirement from the Federal Air Marshal Service (FAMS), based on her career experience prior to joining the FAMS. Megan worked as a Communications Manager – handling public relations, media training, crisis communications and speechwriting, website copywriting, and more – for a variety of organizations, such as the American Red Cross of Greater Chicago, Brookdale Living, and Advocate Illinois Masonic Medical Center. Upon becoming a Federal Air Marshal in 2006, Megan spent the next 12 years providing covert law enforcement for domestic and international missions. While a Federal Air Marshal, she also was selected for assignments such as Public Affairs Officer and within the Taskings Division based on her background in media relations, writing, and editing. She also became a certified firearms instructor, physical fitness instructor, legal and investigative instructor, and Glock and Sig Sauer armorer as a Federal Air Marshal Training Instructor. After retiring from FAMS, Megan obtained a credential as a Certified Professional Résumé Writer to assist federal law enforcement and civilian employees with their job application documents. In addition to authoring articles, drafting web copy, and copyediting and proofreading client submissions, Megan works with a lot of clients on résumés, cover letters, executive bios, SES packages, and interview preparation. As such, she presented “Creating Effective Job Application Documents for Female Law Enforcement and Civilian Career Advancement” at the 2024 Women in Federal Law Enforcement (WIFLE) Annual Leadership Conference in Washington, DC, and is a regular contributor to WIFLE's Quarterly Newsletter. 
Megan holds a Master of Science in Integrated Marketing Communications from Roosevelt University in Chicago, and a Bachelor of Arts in English/Journalism with a minor in Political Analysis from Miami University, Oxford, Ohio.
