To improve the system, the GAO recommends that the Treasury Department "establish an effective management structure for implementing key information security activities and a test environment for auction systems."

"Without proper safeguards, the speed and accessibility that create the enormous benefits of the computer age may allow individuals and groups with malicious intent to gain unauthorized access to systems and use this access to obtain sensitive information, commit fraud, disrupt operations, or launch attacks against other sites," the report states.

In a letter in response, Louise Roseman, director of Division of Reserve Bank Operations and Payment Systems, said that since the GAO review was conducted, her agency has "taken actions to improve our ability to coordinate and oversee our complex IT systems effectively," including a realignment of the information security governance structure within the Federal Reserve banks and the designation of the director of the Reserve Banks' Federal Reserve IT organization as the focal point for enterprisewide information security.

"The Treasury auction applications reviewed in this report were developed starting in 1998, when Web technology, tools and development practices were substantially less evolved than those available today," Roseman stated in her letter.

"The Treasury and the Federal Reserve are currently undertaking a significant development initiative to replace the existing applications and operational infrastructure by year-end 2007," the letter continues. "The new auction applications will be operated within the Federal Reserve's strengthened information security architecture, and information security compliance will be monitored through our improved information security governance structure."