Cybersecurity: Federal Response to Solarwinds and Microsoft Exchange Incidents, Report to Congressional Addressees [open pdf - 2MB]
From the Highlights: "The risks to information technology systems supporting the federal government and the nation's critical infrastructure are increasing, including escalating and emerging threats from around the globe, the emergence of new and more destructive attacks, and insider threats from witting or unwitting employees. Information security has been on GAO [Government Accountability Office]'s High Risk List since 1997. Recent incidents highlight the significant cyber threats facing the nation and the range of consequences that these attacks pose. [...] GAO performed its work under the authority of the Comptroller General to conduct an examination of these cybersecurity incidents in light of widespread congressional interest in this area. Specifically, GAO's objectives were to (1) summarize the SolarWinds and Microsoft Exchange cybersecurity incidents, (2) determine the steps federal agencies have taken to coordinate and respond to the incidents, and (3) identify lessons federal agencies have learned from the incidents."
Government Accountability Office: http://www.gao.gov/