A Senate report published Tuesday found that the “vast majority of federal agencies” have ineffective information security programs that risk the exposure of critical. According to the Senate Homeland and Governmental Affairs Committee’s survey, agencies’ inspectors general assessing the federal government’s cybersecurity gave the largest agencies an overall grade of C- on an A to F scale. The worst score of D went to several agencies, including the Commerce, Education, State, Transportation, and Veterans Affairs departments and NASA, the Office of Personnel Management, and the Social Security Administration.
Report authors Sens. Rob Portman, Ohio Republican, and Gary Peters, Michigan Democrat, wrote that no agency received an A for its cybersecurity program. “This report shows a sustained failure to address cybersecurity vulnerabilities at our federal agencies, a failure that to theft and damage by increasingly sophisticated hackers,” Mr. Portman said. “I am concerned that many of these vulnerabilities have been outstanding for a decade — the deserve better.” The poor grades reflect the federal government’s inability to protect personal information adequately and the failure to shield sensitive systems from unauthorized users and update their technology or maintain an inventory of their information technology.
The weaknesses of the federal government’s cybersecurity have received renewed scrutiny after the of computer network management software that compromised nine federal agencies and was detected last year. The the Russian Foreign Intelligence Service (SVR) for the SolarWinds hacking campaign. The Senate to far less sophisticated actors.
“For example, the could not provide documentation of user access agreements for 60% of the sample employees tested with access to the department’s classified network. This network contains , could cause ‘grave damage to national security,’” read the report. “Perhaps more troubling, [the State Department] failed to after extended periods of inactivity on both its classified and sensitive but unclassified networks.”
According to the report, some employees who were fired, quit, or retired still had access to their five months after they left the State Department. Agencies that also have experienced cybersecurity challenges. For example, the U.S. Agency for International Development (USAID) received a B in the Senate report. In May 2021, Microsoft observed hackers breaching USAID systems to target 3,000 email accounts at more than 150 organizations. Microsoft said the responsible for the SolarWinds hack were also behind the campaign targeting USAID’s Constant Contact account. Constant Contact is a .
The complete picture of sensitive government information exposed to hackers is unclear. On Friday, the disclosed that the SolarWinds hack compromised email accounts across 27 U.S. Attorneys’ offices, including Washington and New York. A White House spokesperson said federal agencies had failed to address their information security weaknesses for decades and maintained that the is now taking action to address the problem. The spokesperson pointed to the Biden administration included money for cybersecurity modernization efforts in the coronavirus relief package enacted this , including $1 billion for a tech modernization fund and $650 million for the Cybersecurity and Infrastructure Security Agency.
The spokesperson also said the administration is implementing President from May on cybersecurity, designed to improve guidelines for government vendors and to develop a framework for federal civilian agencies to use cloud services, among other things. Mr. Portman said he would offer new legislation to protect Americans’ data better, and Mr. Peters, who chairs the Homeland Security panel, said he would work with the Ohio Republican to ensure that federal agencies change their cybersecurity practices.