High-Risk Series: Federal Government Needs to Urgently Pursue Critical Actions to Address Major Cybersecurity Challenges, Report to Congressional Addressees [open pdf - 4MB]
From the Highlights: "Federal agencies and the nation's critical infrastructures--such as energy, transportation systems, communications, and financial services--are dependent on information technology systems to carry out operations. The security of these systems and the data they use is vital to public confidence and national security, prosperity, and wellbeing. GAO [Government Accountability Office] first designated information security as a government-wide high-risk area in 1997. This was expanded to include protecting (1) cyber critical infrastructure in 2003 and (2) the privacy of personally identifiable information in 2015. In 2018, GAO reported that the federal government needed to address four major cybersecurity challenges: (1) establishing a comprehensive cybersecurity strategy and performing effective oversight, (2) securing federal systems and information, (3) protecting cyber critical infrastructure, and (4) protecting privacy and sensitive data. Within these four challenges are 10 actions critical to successfully dealing with the serious cybersecurity threats facing the nation (see the figure at right identifying the four challenges and 10 actions). This report provides an update on the progress that the federal government has made in addressing GAO's recommendations for the four major cybersecurity challenges, as of December 2020."
Government Accountability Office: http://www.gao.gov/