Federal agencies have failed to address key weaknesses in their cybersecurity defenses, leading to hackings and data theft over the past decade. All of which has only come to light in the past few days after the Senate Homeland Security Committee’s permanent subcommittee on investigations released a June 25 report, titled “Federal Cybersecurity: America’s Data at Risk,”. It is a major insight into federal cybersecurity failure.
The Senate Homeland Security and Governmental Affairs Committee’s Permanent Subcommittee on Investigations released the report at the end of a 10-month investigation of the federal government’s cybersecurity infrastructure.
Eight agencies were named the most notable and concerning violators of standard cybersecurity protections. These were the most agencies with the most egregious of the federal cybersecurity failures to date: the Department of Homeland Security, the State Department, the Department of Transportation, the Department of Housing and Urban Development, the Department of Agriculture, the Department of Health and Human Services, the Department of Education and the Social Security Administration.
A few examples of some of the most notable concerns include:
- None of the agencies have hired for the position of CIO as Congress had wanted. The subcommittee recommended expanding the scope of those offices by ensuring that CIOs are able to make agency wide decisions on cybersecurity.
- Agencies failed to adequately protect sensitive information including social security numbers and medical records.
- Most agencies failed to keep a comprehensive list of all cybersecurity assets they utilize to protect sensitive information.
- All eight agencies studied used legacy systems, such as Windows XP and Windows 2003, the report said. These legacy systems are more difficult and more expensive to secure than their modern counterparts.
This has been an eye opening audit into the federal cybersecurity initiative and a clear indication of top governments unpreparedness to deal with the coming shift into digital crime.
The high proportion of federal IT funding that goes toward keeping older government systems alive has frustrated lawmakers in oversight and appropriations hearings who say they want to see more money dedicated to modernization efforts. The truth is that these funds would be better allocated to training and hiring professionals that have studied in an accredited cybersecurity programs.
We can only hope that the federal government focuses on securing American information as soon as possible. You can read more about the cybersecurity report findings and decide for yourself.