Rep. Jason Chaffetz (R-Utah), chairman of the House Oversight and Government Reform Committee, has highlighted the struggle of various agencies to implement security patches on time for critical vulnerabilities, Federal News Radio reported Wednesday.
Meredith Somers writes that Chaffetz told committee members at a hearing Wednesday that 39 out of more than 360 vulnerabilities have yet to be fixed 10 months after the Department of Homeland Security ordered agencies to ensure flaws are patched within a month.
Andy Ozment, DHS assistant secretary for cybersecurity and communications, said these critical vulnerabilities include legacy software tools and unsupported devices, according to the report.
During the hearing, Rep. William Hurd (R-Texas) cited a December hack into Juniper Networks’ ScreenOS software, which is used by NASA and the departments of Treasury and Commerce, Somers reports.
“Of the 12 agencies affected, three, including the [Treasury], took longer than 50 days to fully install patches and mitigate the threat posed by this vulnerability,” Hurd explained to the committee.
Lawmakers are currently working on various bills to push for the modernization of outdated systems.
The report said Sens. Jerry Moran (R-Kan.) and Tom Udall (D-N.M.) crafted the Cloud Infrastructure Transition Act in a bid to authorize the Federal Risk and Authorization Management Program to accredit commercial cloud service providers and help create working capital funds for IT modernization.