A recent report from the Senate Homeland Security and Governmental Affairs Subcommittee has found that government agencies have “historically failed to comply with cybersecurity standards.” According to the report, the number of data breaches experienced by agencies in recent years is “not surprising†due to the state of federal networks’ cybersecurity posture and how such agencies failed to address information technology infrastructure issues that left sensitive public information vulnerable to attacks.Â
The subcommittee reviewed inspector general reports released over the last decade and discovered cases of non-compliance with basic National Institute of Standards and Technology cybersecurity standards. These include failures in protecting personally identifiable information, maintaining a comprehensive and accurate list of IT assets, installing security patches, modernizing legacy systems and ensuring valid “authority to operate†certifications.
IG reports covered by the study include those for the Social Security Administration and the departments of Homeland Security, State, Transportation, Housing and Urban Development, Agriculture, Health and Human Services and Education.
