Cyber threat preparedness

GAO to Release Assessment of Government Agencies’ Cybersecurity Posture Amid Pandemic

The Government Accountability Office is assessing the cybersecurity impacts of technologies adopted in response to the COVID-19 pandemic. Jennifer Franks, the GAO’s director of IT and cybersecurity, said the agency aims to release a report on the subject by early 2022 but refused to get into the details of the findings so far.

Franks noted that the threat surface for most government agencies has expanded because more employees are working remotely. She added that agencies knowingly continue to accept the added cybersecurity risks to ensure the health and safety of their employees.

The GAO’s cybersecurity chief said that on top of worrying about their respective networks, agencies must also be mindful of the networks of their trusted partners and suppliers. She pointed to the SolarWinds incident and Microsoft Exchange vulnerabilities as recent examples of how federal agencies can secure their own networks yet still be vulnerable to attacks, Federal News Network reported Wednesday.

Franks urged government agencies to begin implementing a zero trust architecture and proactive threat hunting, which promises to give more visibility inside an enterprise’s network.

Certain agencies have already acted upon the GAO’s advice. Mike Witt, associate chief information officer for the cybersecurity and privacy division at NASA, said that efforts are currently underway toward a software-defined access network infrastructure, which will provide a framework for zero trust at the agency.

The space agency manages an online presence of 3,000 websites and 42,000 publicly accessible databases. While it has worked to improve its cybersecurity posture, its internal inspector general has assessed that NASA has been subjected to more than 6,000 cyberattacks in the past four years.