GAO’s Updated High-Risk List Still Spotlights IT and Cybersecurity


The Government Accountability Office’s biennial list of high-risk government programs indicates that the federal government regressed – from “met” to “partially met” – in ensuring national cybersecurity the past two years, and that IT acquisitions and operations continue to require “significant attention.” The previous administration’s “elimination of the White House cybersecurity coordinator position in May 2018” was a factor in that downgrade.

The list remained largely the same as in 2019, but five risk areas got worse—including cybersecurity—while seven improved. One area—the Defense Department’s Support Infrastructure Management—improved to the point of graduating from the list, and two new ones—National Efforts to Prevent, Respond to, and Recover from Drug Misuse; and Emergency Loans for Small Businesses—were added, the latter largely due to issues with COVID-19 response programs.