Report Condemns Government Cyber Security

John Lister

A Senate committee has slammed cyber security in eight federal government agencies. The committee said most were failing basic security standards and had shown minimal improvements since a previous report.

The report comes from the Committee on Homeland Security and Governmental Affairs. It followed up on a similar report from another committee in 2019.

Both reports looked at issues including:

  • Whether the agencies adequately protected personal information.
  • Whether they kept track of the various IT equipment and systems they used.
  • Whether they installed security patches quickly enough.
  • Whether they used any outdated software that was no longer supported by developers and thus vulnerable to security risks.

Homeland Security Meets Grade

The only thing close to good news is that the Department of Homeland Security has somewhat upped its game since 2019. The new report gave it a B grade for cyber security, meaning it still has room for improvement but at least meets a basic level of security.

Three agencies - the Department of Agriculture, Department of Health and Human Services and Department of Housing and Urban Development - got a C grade, meaning inadequate levels of security.

The remaining four agencies - the Department of Education, Department of State and Department of Transportation plus the Social Security Administration - all got a D grade, indicating serious failings.

State Department Slammed

The biggest criticism was for the Department of State. That's partly because of the serious nature of the secure data it handles and partly because of the lack of control over access. Inspectors asked the department for records of what access a sample of employees had to a classified network, and it was unable to provide them in 60 percent of cases.

The department also failed to consistently disable access for staff who no longer needed it. The report found some users still had access nearly six months after they left their jobs, in some cases having been fired.

According to the report, one of the big problems is that there's "no single point of accountability for federal cyber security." That's likely the reason the agencies showed little if any sign of fixing problems highlighted in the previous report.

What's Your Opinion?

Are you surprised by these findings? Should we hold government agencies to higher cyber security standards than individuals and businesses? What would it take to improve government cyber security?


Comments

jimain

The government is "US" and WE all wish our information protected responsibly. There is often resentment when government informs us that part of the budget for doing "hard" infrastructure is allocated to security. Note that without security, the infrastructure might also be less than what we expect for our money.

Chief

In times of good, no one pays attention except those ringing the alarms.
In times of bad, the incompetence is on naked display, but like cockroaches, they hide behind their locked doors, inaccessible to those who fund them and have their lawyers attack those who would hold them accountable.

Sadly, this story could be a reprint from eight years ago and would be just as accurate.