According to the GAO, “the federal government spends more than $100 billion on IT and cyber-related investments annually—but many of them have failed or performed poorly, have been poorly managed, and have security weaknesses. Improving IT acquisitions and operations management and ensuring cybersecurity have been on our High Risk List since 2015 and 1997, respectively. We testified that little progress has been made. The federal government and agencies must take action. For example, the government should develop and execute a comprehensive cybersecurity strategy. Agencies have yet to implement many of our critical recommendations in these areas.”