The United States remains critically vulnerable to cyber attack, according to a report from the Government Accountability Office (GAO), which also found 10 crucial steps agencies need to take and four major cybersecurity challenges circling the nation’s information security.
Security vulnerabilities are persistent, GAO noted, recommending more than 3,000 recommendations since 2010 for ways U.S. agencies could better their cybersecurity and protect infrastructure, as well as respond to attacks. As of July 2018, GAO has found that around 1,000 of their recommendations have yet to be implemented, leaving the federal government susceptible to breach.
Among the major challenges remaining to agencies are establishing a comprehensive cybersecurity strategy and performing effective oversight on it, securing federal systems and information, protecting cyber infrastructures such as the electric grid and telecommunications networks, and protecting privacy and sensitive data (including limitation of data collection).
“The risks to IT systems supporting the federal government and the nation’s critical infrastructure are increasing as security threats continue to evolve and become more sophisticated,” U.S. Comptroller General Gene Dodaro said. “These risks include insider threats from witting or unwitting employees, escalating and emerging threats from around the globe, steady advances in the sophistication of attack technology, and the emergence of new and more destructive attacks.”
GAO focused its assessments on work started before 2016, as well as more recent cybersecurity policy and strategy documents and information on cyberattacks and security breaches from the information security industry. The recommendations include, but are not limited to, developing and executing a more comprehensive federal strategy for national cybersecurity and global cyberspace; ensure the security of emerging technologies, limit the collection and use of personal information; and mitigate global supply chain risks.