Senate report slams agencies for poor cyber security

Federal agencies still score poorly on data protection

According to a US Senate report, seven out of eight federal agencies fail to protect critical data due to inadequate cyber security.

The bipartisan report revealed details of an investigation by the Senate Committee on Homeland Security and Government Affairs into cyber security measures in the federal government.

"What this report finds is stark," said the document, titled Federal Cybersecurity: America's Data at Risk. "Inspectors general identified many of the same issues that have plagued Federal agencies for more than a decade. Seven agencies made minimal improvements, and only DHS managed to employ an effective cybersecurity regime for 2020." 

The report examined Agriculture, Education, Health and Human Services, Homeland Security, Housing and Urban Development, State, Social Security, and Transportation. It follows a similar investigation into the same eight agencies in 2019 and shows little progress. 

Most agencies reviewed still failed to install security patches quickly. At least seven of the eight agencies, including the DHS, are still using legacy systems that no longer receive vendor support, rendering them vulnerable to cyber attacks, warned the report. Seven of the agencies also failed to maintain proper asset inventories, it added. 

The document lists several failings across the agencies. The State Department could not provide documentation for 60% of sample employees with access to its classified network. It also failed to delete thousands of accounts for employees who had left the agency. 

The report added that penetration testers stole sensitive personal information, including 200 credit card numbers, from the Department of Education without employees noticing. Plus, the Department of Agriculture had "a significant number of high vulnerabilities" on its public-facing websites that the agency didn't know about. 

Recommendations from the Committee included central coordination for cyber security through a government-wide office that handles the issue for the federal government. The Office of Management and Budget (OMB) should also adopt a risk-based budgeting model that would allocate funds more effectively to close loopholes most likely to be exploited, it added. 

In May, the White House issued an executive order addressing cyber security weaknesses across the federal government. That order sought to address IT supply chain risk, an area in which the Government Accountability Office warned in December that federal agencies were lacking.
