         
|
August 31, 1999
Thompson letter on GPRA - DOT Attachment 1
MOST SIGNIFICANT OPEN GAO RECOMMENDATIONS ON TRANSPORTATION DEPARTMENT HIGH-RISK PROBLEMS
COMPUTER SECURITY
Description of high-risk area: Continuing computer security weaknesses put critical federal operations and assets at great risk. Such problems make it easier for individuals and groups to obtain sensitive information, commit fraud, or disrupt operations. Federal agencies rely on computers and electronic data to perform functions that are essential to the national welfare and directly affect the lives of millions of individuals. More and more, these functions, which include national defense, tax collection, benefits payments, and law enforcement, depend on automated, often interconnected, systems and on electronic data rather than on manual processing and paper records.
| GAO Report No. and Date |
Recommendation | |
AIMD-98-155 May 18, 1998 |
The Secretary of Transportation should direct the Administrator, FAA, to develop and execute a plan to inspect the 187 air traffic control (ATC) facilities that have not been inspected in over 4 years and correct weaknesses identified so that these ATC facilities can be granted physical security accreditation as expeditiously as possible, but no later than April 30, 1999. | |
AIMD-98-155 May 18, 1998 |
The Secretary of Transportation should direct the Administrator, FAA, to correct identified physical security weaknesses at inspected facilities so that these ATC facilities can be granted physical security accreditation as expeditiously as possible, but no later than April 30, 1999. | |
AIMD-98-155 May 18, 1998 |
The Secretary of Transportation should direct the Administrator, FAA, to establish an effective management structure for developing, implementing, and enforcing ATC computer security policy. |
AIR TRAFFIC CONTROL MODERNIZATION
Description of high-risk area: Faced with rapidly growing traffic volume and aging equipment, the FAA initiated an ambitious air traffic control (ATC) modernization program in 1981. This effort involves acquiring new air traffic control facilities as well as a vast network of radar, automated data processing, navigation, and communications equipment, with an expected total cost of $41 billion through 2004. Over the past 17 years, the modernization program has experienced cost overruns, schedule delays, and performance shortfalls of large proportions. GAO’s work has pinpointed solutions to address root causes of such problems.
GAO has made many recommendations for addressing problems at FAA. Currently, there are 22 open recommendations related to systems architecture, software acquisition capabilities, cost estimating and accounting practices, computer security, and an at-risk system development effort. The 10 key recommendations are discussed below.
| GAO Report No. and Date |
Recommendation | |
AIMD-97-30 Feb. 3, 1997 |
The Secretary of Transportation should direct the FAA Administrator to ensure that a complete ATC systems architecture is developed and enforced expeditiously before deciding on the architectural characteristics for replacing the Host Computer System. | |
AIMD-97-30 Feb. 3, 1997 |
The Secretary of Transportation should direct the FAA Administrator to establish an effective management structure for developing, maintaining, and enforcing the complete ATC systems architecture. Specifically, the Administrator should (1) assign the responsibility and accountability needed to develop, maintain, and enforce a complete ATC systems architecture to a single FAA organizational entity, (2) provide this single entity with the resources, expertise, and budgetary and/or organizational authority needed to fulfill its architectural responsibilities, and (3) direct this single entity to ensure that every ATC project conforms to the architecture unless careful, thorough, and documented analysis supports an exception. | |
AIMD-97-47 March 21, 1997 |
To improve FAA’s software acquisition capability for its ATC modernization, the Secretary of Transportation should direct the FAA Administrator to require that, before being approved, every ATC modernization acquisition project has software acquisition processes that satisfy at least Software Acquisition Capability Maturity Model (SA-CMM) level 2 requirements. | |
AIMD-97-20 Jan. 22, 1997 |
The Secretary of Transportation should direct the FAA Administrator to institutionalize defined processes for estimating ATC projects’ costs. These processes should include a corporate memory (or historical database) which includes cost and schedule estimates, revisions, reasons for revisions, actuals, and relevant contextual information. | |
AIMD-97-20 Jan. 22, 1997 |
The Secretary should also direct the Administrator to immediately begin disclosing the inherent uncertainty and range of imprecision in all ATC projects’ officials cost estimates presented to executive oversight agencies or the Congress. | |
AIMD-97-20 Jan. 22, 1997 |
The Secretary should also direct the Administrator to acquire or develop and implement a managerial cost accounting capability that will satisfy the requirements of Statement of Federal Accounting Standard (SFFAS) No. 4, Managerial Cost Accounting Concepts and Standards for the Federal Government. This system capability should provide the cost accounting and financial management information needed by FAA management and those who make investment decisions. Such information should include full life cycle costs, which include the costs of resources consumed by a project that directly or indirectly contributes to the output and the costs of identifiable supporting services provided by other organizations within the reporting entity. | |
AIMD-98-155 May 18, 1998 |
To improve security for future ATC modernization systems, the Secretary of Transportation should direct the FAA Administrator to ensure specifications for all new ATC systems include security requirements based on detailed security assessments by requiring that security requirements be included as a criterion when FAA analyzes new systems for funding under its acquisition management system. | |
AIMD-98-155 May 18, 1998 |
To improve security for future ATC modernization systems, the Secretary of Transportation should direct the FAA Administrator to ensure that the National Airspace Systems Information Security Group establishes detailed plans and schedules to develop a security architecture, a security concept of operations, and security standards and that these plans are implemented. | |
RCED-98-79 April 30, 1998 |
To assist Congress in making future funding decisions for the Wide Area Augmentation System (WAAS), the Secretary of Transportation should direct the FAA Administrator to provide to Congress a detailed explanation of the agency’s strategy for leasing geostationary satellites. | |
RCED-98-79 April 30, 1998 |
To assist Congress in making future funding decisions for WAAS, the Secretary of Transportation should direct the FAA Administrator to provide to the Congress an updated benefit-cost analysis, including a comparison with alternative investments of FAA’s resources and an explanation of the effects of including small increments of passenger time savings. |
FAA FINANCIAL MANAGEMENT
Description of high-risk area: The Federal Aviation Administration (FAA) lacks accountability for major assets including its Air Traffic Control (ATC) Modernization Program. Many problems related to FAA’s lack of accountability for its assets are because the agency lacks a reliable system for accumulating project cost accounting information. |
GAO Report No. and Date |
Recommendation | |
AIMD-97-20 Jan. 22, 1997 |
In light of FAA’s weaknesses in the accounting and reporting ATC project costs, the Secretary of Transportation should direct the FAA Administrator to acquire or develop and implement a managerial cost accounting capability that will satisfy the requirements of SFFAS 4, Managerial Cost Accounting Concepts and Standards for the Federal Government. | |
AIMD-97-20 Jan. 22, 1997 |
The Secretary of Transportation should report FAA’s lack of a cost accounting capability for its ATC modernization as a material control weakness in the Federal Managers’ Financial Integrity Act reports until the problem is corrected. |
|
 |
|
|
