A recent Senate audit on cybersecurity and cyberattack preparedness revealed that at least eight federal agencies have failed in cybersecurity.
In the report titled Federal Cybersecurity: America’s Data STILL At Risk, the Senate Committee on Homeland Security and Governmental Affairs graded federal agencies on their preparedness for cyberattacks and their overall cybersecurity standing. Most of them failed the audit.
Of eight agencies, four got a D grade (Departments of State, Transportation, Education, and the Social Security Administration) and three a C (Departments of Agriculture, Health and Human Services, and Housing and Urban Development). The Department of Homeland Security received a B.
“It is clear that the data entrusted to these eight key agencies remain at risk,” the report stated. “As hackers, both state-sponsored and otherwise, become increasingly sophisticated and persistent, Congress and the executive branch cannot continue to allow PII and national security secrets to remain vulnerable.”
Why Agencies Got Failing Grades
The report gave the example of State Department systems running on software no longer supported, such as old versions of Microsoft Windows, making such systems vulnerable. The department’s systems also failed to have regular security patches installed.
The audit found that the Social Security Administration is suffering from the same problems. Additionally, legacy and unsupported systems and not requiring authorization for many information systems create more vulnerabilities.
Echo of Previous Years
In 2019, the Senate Permanent Subcommittee on Investigations released Federal Cybersecurity: America’s Data At Risk. This report revealed that eight vital federal agencies have significant lapses and shortcomings in their cybersecurity capabilities, including the ability to protect America’s personally identifiable information.
The findings in the report showed that the agencies failed to protect the sensitive data they are storing and maintaining. Two years later, in the same type of audit, most of these agencies still failed.
“What this report finds is stark,” the 2021 audit said.
“The Inspector General identified many of the same issues that have plagued federal agencies for more than a decade. This report finds that these seven federal agencies [not counting Homeland Security] still have not met the basic cybersecurity standards necessary to protect America’s sensitive data.”