U.S. Courts Still Suffer Poor IT Management Following 2020 Breach, Watchdog Finds

Thicha Satapitanon / EyeEm/Getty Images

A U.S. Government Accountability Office’s report indicates insufficient IT workforce planning and management at the Administrative Office of the U.S. Courts, following the office’s 2020 system breach.

The U.S. Government Accountability Office issued a report on Thursday about the Administrative Office of the U.S. Courts’ IT acquisition and management, detailing inadequate workforce planning and management. The report also found a failure to implement key solutions to fix cybersecurity skill gaps in the office’s workforce, which could prove problematic given the office’s system breach in 2020.

As part of the report, GAO reviewed AOUSC’s IT management, which included looking at whether the office: implemented leading IT practices for workforce planning and management; utilized best practices for IT project planning and management; and had a chief information officer with enterprise control and oversight about the office’s IT workforce and project portfolio.

Pursuant to the assessment, GAO evaluated agency documentation against 12 selected best practices for four different areas within workforce management, as well as 23 best practices for managing AOUSC’s three largest IT acquisition projects: the Judiciary Electronic Filing System, the enterprise facilities management system known as JSPACE, and the Probation and Pretrial Services Automated Case Tracking System 360. GAO also noted that it interviewed officials about these topics as part of its evaluation.

GAO found that AOUSC, which provides IT support services to federal courts, did not have a strategic approach to address its IT workforce needs despite using leading practices. Specifically, the office did not have a recruitment strategy or training program for its IT workforce to fix the identified gaps in the workforce’s cybersecurity skills. 

“Fully addressing practices in these areas would help ensure that it has the knowledge and skills to tackle pressing IT issues,” GAO said.

GAO also highlighted the office’s lack of a CIO to oversee the office—which it has no statutory obligation to establish—adding that the current leader, the associate director for the Department of IT Technology Services, cannot oversee other office units managing their own IT. GAO also noted the office’s deficient oversight and inadequate IT project management.

Furthermore, GAO discovered that AOUSC did not have comprehensive cost estimates for its projects and the project schedules were poorly constructed. 

GAO made 18 recommendations as part of its report. For example, GAO recommends that AOUSC improve its IT workforce planning and management, boost its IT project management practices and create a CIO position with enterprise-wide responsibility. 

In response, AOUSC stated that, despite its decentralized management model, it would consider the recommendations to decide what changes to make, but did not agree to implement them outright. 

House Subcommittee on Government Operations Chairman Gerry Connolly, D-Va., and House Subcommittee on Courts, Intellectual Property and the Internet Chairman Hank Johnson, D-Ga., initially requested that GAO conduct this report in September 2020.

“This report does not paint a pretty picture of the status of information technology acquisition and management by the Administrative Office of the U.S. Courts,” the chairmen said. “It is telling that the AOUSC refused to agree to implement any of the 18 recommendations GAO has included in its report, and these will be an intense focus of continued Congressional oversight. We will also expect the AOUSC to work with us to establish in statute [the] position of Chief Information Officer for the AOUSC as GAO recommended in its report.”

GAO’s report comes on the same day that lawmakers questioned the Department of Justice’s National Security Division about cybersecurity after three hostile foreign actors breached court systems in 2020.