Hello, Guest!

Cybersecurity

Senate Report Highlights Agencies’ Inability to Protect Sensitive Data

Cybersecurity report

Senate Report Highlights Agencies’ Inability to Protect Sensitive Data

The Senate Homeland Security and Governmental Affairs Committee has published a report highlighting federal agencies’ cybersecurity weaknesses, specifically their inability to protect sensitive information.

The findings were drawn from 2020 audits conducted by inspectors general for the departments of Homeland Security, State, Transportation, Housing and Urban Development, Agriculture, Health and Human Services, Education and the Social Security Administration.

According to the report, seven of the reviewed agencies continue to use outdated systems or applications, leaving them vulnerable to foreign hacking, CyberScoop reported Tuesday.

The report also revealed that only one agency was deemed capable of adequately protecting personally identifiable information.

Additionally, six agencies failed to quickly install security patches and other vulnerability remediation controls.

More specifically, HUD was flagged for allowing unauthorized shadow information technology while the DOT was called out for failing to maintain records of about 15,000 IT assets. The report also pointed out USDA’s neglect of a significant number of high vulnerabilities in its public-facing websites.

Most of these weaknesses were also documented in a 2019 report, underscoring federal agencies’ failure to make progress within the one-year period. The Senate Committee singled out the DHS for showing improvements in 2020.

To improve agencies’ cyber posture, the panel called for the expansion of the Cybersecurity and Infrastructure Security Agency’s shared services offerings to federal agencies.

Among other things, it was recommended that the DHS produce a plan to improve the EINSTEIN intrusion detection system and that Congress update the 2014 Federal Information Security Modernization Act to reflect current best practices and formalize CISA’s role as the operational lead for federal cybersecurity.

Potomac Officers Club Logo
Become a Potomac Officer Club Insider
Sign up for our weekly email & get exclusive event, and speaker updates, and find networking opportunities to connect with GovCon decision makers.

Category: Cybersecurity