Aug 03—A report sponsored by the US Senate Homeland Security and Governmental Affairs Committee has discovered “stark” shortcomings with regard to cyber security policies and procedures among federal agencies.
Security experts gave the average agency a letter grade of C- in relation to security maturity. Several agencies were described as showing “very little improvement” since 2019. In summary, seven federal agencies “have not met the basic cyber security standards necessary to protect America’s sensitive data.”
The inquiry also explored security at NASA and the Office of Personnel Management. Both groups received low grades around their cyber security postures.
Senate report details
The audit shows that agencies continue to rely on outdated systems. In addition, the seven cited in the report were shown to have ignored mandatory security patches and to have failed to adequately protect sensitive data. This includes credit card and Social Security numbers.
Senator Rob Portman (R-Ohio) responded with “This report shows a sustained failure to address cybersecurity vulnerabilities at our federal agencies, a failure that leaves national security and sensitive personal information open to theft and damage by increasingly sophisticated hackers.”
Senate Homeland Security and Governmental Affairs Committee Chairman Gary Peters (D-Mich.) described the work that federal agencies must complete in order to remain cyber secure. He cited the Colonial Pipeline breach and the JBS incident as scary hacking scenarios.
Gary Peters also asserted, “Shortcomings in federal cybersecurity allow cybercriminals to access Americans’ personal information, which not only compromises our national security – but risks the livelihoods of people in Michigan and across the country.”
Senate report, eye-popping facts
- The US State Department remained unable to show security clearances for many of its employees. In addition, thousands of accounts appeared accessible to employees who had departed from the organization months before.
- US Department of Transportation officials were unable to account for nearly 15,000 of the agency’s assets. This grouping includes servers, workstations and mobile devices.
- Further, a test of the Education Department’s security showed that over 1,000 files could be accessed from the outside. This includes 200 credit card numbers. The Education Department’s personnel were unable to detect or block this activity.
What the Senate report means
The Senate report suggests that hackers may have easy access to sensitive systems, resources and data. As a result, US national security may be at risk. Agencies must quickly work to implement and revamp cyber security infrastructure in order to keep up with 21st century cyber security threats.
Biden recently signed an executive order to boost critical infrastructure security. Should he do the same to force fast action among federal agencies?