Substandard Federal Cybersecurity Puts America at Risk

The U.S. Senate Permanent Subcommittee on Investigations of the Committee on Homeland Security and Governmental Affairs released the staff report Federal Cybersecurity: America’s Data at Risk. This report details the level of risk of cybersecurity attack in federal agencies, the extent to which these agencies are or are not prepared to address a cybersecurity attack, and the concordant risk to sensitive information that poses a threat to national security.

The cybersecurity policies and practices of eight federal agencies were examined in this report. These agencies included the Department of Homeland Security, Department of State, Department of Transportation, Department of Housing and Urban Development, Department of Agriculture, Department of Health and Human Services, Department of Education, and the Social Security Administration.

All of these agencies were found to have extensive vulnerabilities in their cybersecurity. Federal agencies consistently fail to comply with the basic cybersecurity standards set forth by the National Institute of Science and Technology’s cybersecurity framework, and lack the valid authorities to handle their information technology (IT) systems. As a result, cyber incidents continue to increase despite an anomalous decrease between 2015 and 2016 that was likely due to a change in reporting requirements.

The Office of Management and Budget (OMB) is tasked with overseeing federal cybersecurity for all agencies through the Federal Information and Security Management Act of 2002, and the Department of Homeland Security oversees implementation of OMB policies after an update to this law in 2014—the Federal Information Security Modernization Act. Annual cybersecurity audits are conducted by the Inspector General (IG) of each agency. These audits were reviewed for this report, and the review found many issues of concern. The Subcommittee concludes that the federal government is unprepared for cyber threats and has been for over a decade, and it will continue to monitor regular IG audits for compliance and improvement.

 

More resources on cybersecurity can be found at the Homeland Security Digital Library (HSDL).
