Home Emergency Management News Government Watchdog: Federal Agencies Failing on Cybersecurity

Government Watchdog: Federal Agencies Failing on Cybersecurity

0

GAO says agencies must improve controls over high-impact systems

A government watchdog recently scrutinized the information security systems of two-dozen federal agencies and found many lacking in several key security areas.

The Government Accountability Office (GAO) surveyed 24 federal agencies and found the following issues with overall cybersecurity:

-- Some agencies had not always effectively implemented access controls, e.g. protecting system boundaries, authenticating users, authorizing access, and monitoring system activities.

-- Some agencies had issues stating current patching known software vulnerabilities and also having valid contingency plans in place.

-- Some agencies had not fully implemented key elements information security programs. These included both security plans and remedial action plans.

Cyber attacks from nations

Of the 24 agencies surveyed by the GAO, 75 percent (18 agencies) stated that cyber attacks from “nations” are the common threat to the security of their systems. More specifically, cyber attacks received via email were, by far, the most common -- and also the most serious.

During fiscal year 2014, 11 of the 18 agencies reported a combined 2,267 cyber incidents on high-impact systems. And nearly a quarter of that group of reported incidents involved the installation of malicious code.

GAO: weaknesses should be addressed

The GAO concluded after thorough analysis that the selected agencies should "address weaknesses in access and other controls." This includes implementation of missing elements of current information security systems, as well as more timely maintenance of existing systems so as to reduce risks associated with unauthorized access, modification of highly sensitive data.

Examples of agencies included in the study include the National Aeronautics and Space Administration (NASA), the Nuclear Regulatory
Commission (NRC), the Office of Personnel Management (OPM), and the Department of Veterans Affairs (VA).

Matt Mills Matt Mills has been involved in various aspects of online media, both on the editorial side and on the technology side, for more than 16 years. He holds a Master's Degree in Journalism from Northwestern University's Medill School of Journalism, and is currently involved in multiple projects focused on innovation journalism.