An analysis of federal security requirements indicates that current information security policies and procedures suffer from piecemeal development, lack of central leadership, insufficient attention from agencies, and limited technical tools. Essential information for risk assessment is not readily obtainable, and risk analysis approaches continue to suffer from methodological limitations.
The merging of computer and telecommunications systems will require new efforts to determine vulnerabilities and to coordinate security. At present, the range of secure information processing equipment is limited. Greater efforts in research and development will be required in the areas of equipment and management controls.
These factors suggest that the potential for computer crime against the Government will require concerted efforts to control the problem. Implications for policy range from the revision of existing laws and the creation of new computer crime legislation to the incorporation of risk analysis during system development and the transfer of risk analysis, management, knowledge, and techniques.