Information security

Government Accountability Office Issues New Report Highlighting Cyber Risks

The Government Accountability Office has published a new report outlining actions to enhance the security of information systems at the Department of Defense, Cybersecurity and Infrastructure Security Agency, National Institutes of Health and Office of Management and Budget. According to GAO, almost 150 recommendations issued to federal agencies since 2010 have gone unaddressed.

The watchdog called on the DOD to improve its reporting process for defense industrial base cyber incident information and document the instances when individuals are notified of the fact that their personally identifiable information has been compromised.

In a separate report, it was found that Pentagon systems contained insufficient incident report data and authorities had not fully implemented certain processes. One reason given is that the defense agency has failed to designate an organization to oversee such activities.

GAO flagged the unfinished implementation of an organizational plan at CISA, urging the development of timelines and performance metrics to facilitate task completion and progress tracking, FCW reported Wednesday.

The report, issued on Jan. 31, is the second in a four-part series detailing security weaknesses in various organizational areas. GAO released the first report earlier in January, focusing on broad cybersecurity strategy formation and oversight.

Specific efforts suggested include reforms to global information and communications technology supply chain risk management and workforce recruitment and retention plans.