[TheRecord] Bipartisan report finds agencies plagued by cyber woes

Several major federal agencies continue to fail to address recurring cybersecurity vulnerabilities or implement basic standards that would protect the public’s sensitive information, according to the results of a new bipartisan congressional investigation.

A review issued on Tuesday by the Senate Homeland Security Committee found that, despite years of warnings, agencies such as the State, Education, Agriculture and Health and Human Services departments have not established effective cybersecurity programs or complied with federal information security standards.

Only the Homeland Security Department created an effective information security program through its Cybersecurity and Infrastructure Security Agency, the report concluded.

“This report shows a sustained failure to address cybersecurity vulnerabilities at our federal agencies, a failure that leaves national security and sensitive personal information open to theft and damage by increasingly sophisticated hackers,” Sen. Rob Portman (Ohio), the panel’s top Republican, said in a statement.

“I am concerned that many of these vulnerabilities have been outstanding for the better part of a decade — the American people deserve better,” he added.

The newly-minted report — which studies the fiscal 2020 inspectors general evaluations of the eight agencies, including the Transportation and Housing and Urban Development departments and the Social Security Administration — is a follow-up to one that Portman, then chair of the panel’s Permanent Subcommittee on Investigations, issued in 2019.

Some of the incidents cited in the report include:

- State left thousands of accounts active on both its classified and unclassified networks after employees left the agency.
- Transportation couldn’t account for more than 14,000 IP assets, including over 7,000 mobile devices, nearly 5,000 servers and close to 3,000 workstations.
- Agriculture had vulnerabilities on the agency’s public-facing websites that were unknown to the agency.
- At Education, auditors were able to exfiltrate hundreds of files containing sensitive, personally identifiable information, including 200 credit card numbers, without the department noticing.

A committee aide said that a “large part” of why agencies are plagued with performance issues is that there is no single organization that is responsible for federal cybersecurity. 

That “balkanization of cybersecurity across federal agencies, it has been a persistent problem,” the aide said.

The report recommends, among other things, that the Office of Management and Budget develop a risk-based budget model for IT investments; Congress update a 2014 that gave agency CIOs recommended powers; and DHS provide lawmakers with a plan to update EINSTEIN, the department’s network monitoring program, which is slated to expire next year.

In a statement, Senate Homeland Security Committee Chair Gary Peters (D-Mich.) vowed to work with Portman on legislation to “federal IT systems and ensure that federal agencies are taking necessary steps to prevent Americans’ valuable information from being stolen.”


The post Bipartisan report finds agencies plagued by cyber woes appeared first on The Record by Recorded Future.
