Report slams wasteful government IT spending

The U.S. government wastes 50 percent or more of the $70 billion to $80 billion that it spends on IT and IT security each year, according to a report released on Thursday by the International Association of Information Technology Asset Managers (IAITAM).

The report, entitled “Understanding the Federal Government’s ‘IT Insecurity’ Crisis,” warns that waste places federal agencies at greater risk of data breaches, lost and stolen hardware, and other cybersecurity dangers.

The federal government spends over $36,000 per employee, compared to less than $5,000 per employee in the private sector, according to IAITAM.

“Taxpayers need to understand that simply throwing more dollars at Information Technology (IT) and IT security is not a solution for anything other than mind-boggling waste of public funds,” said report author and IAITAM CEO Barbara Rembiesa, in a statement. “While awareness of the federal IT security problem has grown in recent months, the ability to deal with such threats has improved very little. Right now, we have the high-tech equivalent of the $436 Pentagon hammer and it’s just getting worse.”

Washington is no stranger to high-profile technology problems, from the recent hack of U.S. Central Command social media accounts, which prompted the Pentagon to tighten password security, to the controversy over missing IRS emails, and the botched launch. On Tuesday, IRS Commissioner John Koskinen told a Senate panel that some of the agency’s antiquated systems date back to John F. Kennedy’s presidency.

The IAITAM report warns that until the federal government adopts a rigorous approach to IT asset management, it is unlikely to stem a spate of IT-related failures.

“The federal government spends about $70 billion a year on IT purchases and an average of about $10 billion a year on IT security,” it said. “With no meaningful standards and controls in place across and even within federal agencies, the result is massive waste, inefficiency, and huge vulnerabilities that can easily be exploited from those inside and outside of the system.”

The report pointed to a report released last year by the Office of Inspector General, which warned that more than 200 Securities and Exchange Commission (SEC) laptops may be missing. IAITAM also noted that in November 2014 the Veteran’s Administration failed its annual cyber security audit for the sixteenth consecutive year. “Even after a dramatic cyber hack was detected in 2012, the GAO found that the VA has not addressed an underlying vulnerability that allowed the incident to occur,” it said.

Additionally, IAITAM cited a December 2014 Inspector General report, which noted that FEMA and the United States Citizenship and Immigration Services (USCIS) are still using the Microsoft Windows XP operating system. The Inspector General report warned that Windows XP may be exposed to potential vulnerabilities, as Microsoft stopped providing software security updates in April 2014.

Set against this backdrop, IAITAM urges the government to build a government-wide centralized IT asset management program responsible for creating policies, procedures, processes, and metrics for all government agencies. The group also recommends the creation of agency-level IT asset management teams, which will handle day-to-day management of IT assets.

The White House has not yet responded to a request for comment on this story from

Follow James Rogers on Twitter @jamesjrogers