The ‘vast majority’ of federal agencies’ information security programs


A Senate report released Tuesday found that “the vast majority of federal agencies” have ineffective information security programs that put critical government data at risk of being exposed.

Agency inspectors general who evaluate the federal government’s cybersecurity gave the largest agencies an overall grade of C-, on a scale from A to F, according to the Senate Homeland Security and State Affairs Committee’s survey.

The worst scores, D grades, went to various agencies, including NASA, the Office of Personnel Management, and the Social Security Administration, as well as the Departments of Commerce, Education, Government, Transportation, and Veterans Affairs.

Report authors Sens. Rob Portman and Gary Peters, a Michigan Democrat, wrote that no agency received an A for its cybersecurity program.

“This report illustrates a continued failure to address cybersecurity vulnerabilities in our federal agencies, leaving national security and sensitive personal information vulnerable to theft and damage by increasingly sophisticated hackers,” Portman said in a statement. “I’m concerned that many of these vulnerabilities have been spotted for the better part of a decade – the American public deserves better.”

The low ratings reflect the federal government’s failure to adequately protect personal information, keep unauthorized users out of sensitive systems, update its technology, or keep an inventory of its information technology.

The weaknesses of the federal government’s cybersecurity have received new scrutiny after the hack of SolarWinds’ computer network management software, which was identified last year and compromised nine federal agencies. The Biden administration blamed the Russian Foreign Intelligence Service (SVR) for the SolarWinds hacking campaign, and the Senate report makes clear that much less sophisticated actors have opportunities for cyberespionage within the government.

“For example, the State Department was unable to provide documentation of user access agreements for 60% of sample employees tested with access to the department’s classified network. This network contains data that ‘could cause serious harm to national security’ if disclosed to an unauthorized person,” the report reads. “Perhaps more disturbing, [the State Department] failed to close thousands of accounts after long periods of inactivity on both classified and sensitive but unclassified networks.”

According to the report, some employees who were laid off or retired still had access to government accounts five months after leaving the State Department.

Agencies with relatively higher scores also experienced cybersecurity issues. For example, the US Agency for International Development (USAID) received a B in the Senate report. In May 2021, Microsoft said it observed hackers breaching USAID systems to target 3,000 email accounts at more than 150 organizations.

Microsoft said the cyber attackers responsible for the SolarWinds attack were also behind the attack campaign targeting USAID’s Constant Contact account. Constant Contact is a company that makes email marketing software.

The full picture of sensitive government information exposed to hackers isn’t clear. On Friday, the Department of Justice announced that the SolarWinds hack also hijacked email accounts at 27 different US Attorneys’ offices, including those in Washington and New York.

According to a White House spokesperson, the Biden administration sees the federal government as having kicked the can down the road for decades and insists on taking new steps to address the problems.

The spokesperson noted that the Biden administration is funding cybersecurity modernization efforts through a coronavirus relief package that went into effect this year, including $1 billion for a technology modernization fund and $650 million for the Cybersecurity and Infrastructure Security Agency.

The spokesperson also said the administration has implemented President Biden’s May executive order on cybersecurity, which, among other measures, is designed to improve cybersecurity guidelines for government suppliers and develop a framework for federal civilian agencies to monitor when using cloud services.

Mr Portman said he would introduce new laws to better protect Americans’ data, and Mr Peters, who heads the homeland security panel, said he would work with the Ohio Republican to get federal agencies to change their cybersecurity practices.
