Although the majority – nearly 79 percent – of recommendations related to federal cybersecurity called for by the Government Accountability Office (GAO) in 2010 have been implemented, major room for improvement remains, and this week, U.S. Rep. Yvette Clarke (D-NY) added her voice to the warning call.
Clarke is a senior member of the Committee on Homeland Security and the Committee on Energy and Commerce.
“As America’s adversaries continue to exploit cyber vulnerabilities to hack into U.S. networks, it is critical that its federal agencies continue adopting the GAO’s recommendations vital to raising our nation’s baseline cyber posture,” Clarke said. “The persistent cyber threats facing federal agencies demands that we be able to dynamically grow and evolve the programs aimed at defending and building resilience of federal networks. I trust the dedicated public servants behind our federal agencies will heed this vital call for action.”
In a recently released report – Cybersecurity High-Risk Series: Challenges in Securing Federal Systems and Information – GAO recommended that agencies work to improve implementation of government-wide cybersecurity initiatives, tackle weaknesses in their information security programs, and enhance the federal response to cyber incidents to better protect federal systems and information.
“Federal agencies and our nation’s critical infrastructures—such as energy, transportation systems, communications, and financial services—are dependent on technology systems to carry out fundamental operations and to process, maintain, and report vital information,” the GAO report said. “The security of these systems and data is also vital to safeguarding individual privacy and protecting the nation’s security, prosperity, and well-being. However, risks to these essential technology systems are increasing—in particular, malicious actors are becoming more willing and capable of carrying out cyberattacks. Such attacks could result in serious harm to human safety, national security, the environment, and the economy. Agencies and critical infrastructure owners and operators must protect the confidentiality, integrity, and availability of their systems and effectively respond to cyberattacks.”
The GAO report was released weeks after the latest high-profile cyber incident, in which a Swiss cyber activist and developer managed to gain a copy of the U.S. No Fly List from a public, unprotected third-party server. GAO has designated information security a high risk for the government since 1997 and has only expanded that designation with time.
GAO determined that federal agencies will remain limited in their ability to protect private and sensitive data entrusted to them until more critical actions are taken to address cybersecurity. For her part, Clarke indicated that she would push the Cybersecurity and Infrastructure Security Agency (CISA) to swiftly implement reorganization plans to make it better able to lead federal network security efforts and update reporting standards to provide a more accurate assessment of agency cybersecurity programs.