Report Condemns Government Cyber Security
A Senate committee has slammed cyber security in eight federal government agencies. The committee said most were failing basic security standards and had shown minimal improvements since a previous report.
The report comes from the Committee on Homeland Security and Governmental Affairs. It followed up on a similar report from another committee in 2019.
Both reports looked at issues including:
- Whether the agencies adequately protected personal information.
- Whether they kept track of the various IT equipment and systems they used.
- Whether they installed security patches quickly enough.
- Whether they used any outdated software that was no longer supported by developers and thus vulnerable to security risks.
Homeland Security Meets Grade
The only thing close to good news is that the Department for Homeland Security has somewhat upped its game since 2019. The new report gave it a B grade for cyber security, meaning it still has room for improvement but at least meets a basic level of security.
Three agencies - the Department of Agriculture, Department of Health and Human Services and Department of Housing and Urban Development - got a C grade, meaning inadequate levels of security.
The remaining four agencies - the Department of Education, Department of State and Department of Transportation plus the Social Security Administration - all got a D grade, indicating serious failings.
State Department Slammed
The biggest criticism was for the Department of State. That's partly because of the serious nature of the secure data it handles and partly because of the lack of control over access. Inspectors asked the department to provide records of what access a batch of sample employees had to a classified network and it was unable to do so in 60 percent of cases.
The department also failed to consistently disable access for staff who no longer needed it. The report found some users still had access nearly six months after they left their jobs, in some cases having been fired.
According to the report, one of the big problems is that there's "no single point of accountability for federal cyber security." That's likely the reason the agencies showed little if any sign of fixing problems highlighted in the previous report.
What's Your Opinion?
Are you surprised by these findings? Should we hold government agencies to higher cyber security standards than individuals and businesses? What would it take to improve government cyber security?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.
Comments
government cybersecurity
The government is "US" and WE all wish our information protected responsibly. There is often resentment when government informs us that part of the budget for doing "hard" infrastructure is allocated to security. Note that without security, the infrastructure might also be less than what we expect for our money.
Government Competence
In times of good, no one pays attention except those ringing the alarms.
In times of bad, the incompetence is on naked display, but like cockroaches, they hide behind their locked doors, inaccessible to those who fund them and have their lawyers attack those who would hold them accountable.
Sadly, this story could be a reprint from eight years ago and would be just as accurate.