US Senate Finds Systemic Cybersecurity Failures In Federal Agencies

A report released by a US Senate committee has delivered a damning assessment of the cybersecurity readiness at multiple US federal agencies.

The bipartisan report published on Tuesday revealed details of an investigation by the Senate Committee on Homeland Security and Government Affairs into the cyber security measures in the federal government.

Alarmingly, the ‘Federal Cybersecurity: America’s Data Still at Risk’ report found that seven out of eight federal agencies fail to protect critical data due to inadequate cyber security measures.

Federal failures

The report found there are still systemic failures to safeguard American data at the Department of State; the Department of Transportation; the Department of Housing and Urban Development; the Department of Agriculture; the Department of Health and Human Services; the Department of Education; and the Social Security Administration.

Only the Department of Homeland Security had an effective cybersecurity program for 2020, according to the report.

But seven federal agencies failed to protect personally identifiable information adequately; failed to maintain accurate and comprehensive IT asset inventories; failed to maintain current authorisations to operate for information systems; failed to install security patches quickly; and failed to retire legacy technology no longer supported by the vendor.

Worse still, the report inspectors identified many of the same issues that have plagued federal agencies for more than a decade.

“From SolarWinds to recent ransomware attacks against critical infrastructure, it’s clear that cyberattacks are going to keep coming and it is unacceptable that our own federal agencies are not doing everything possible to safeguard America’s data,” said Republican Senator Rob Portman.

“This report shows a sustained failure to address cybersecurity vulnerabilities at our federal agencies, a failure that leaves national security and sensitive personal information open to theft and damage by increasingly sophisticated hackers,” said Senator Portman.

“I am concerned that many of these vulnerabilities have been outstanding for the better part of a decade – the American people deserve better,” he added. “In the coming months, I will be introducing legislation to address the recommendations raised in this report so that America’s data is protected.”

Data protection

“Shortcomings in federal cybersecurity allow cybercriminals to access Americans’ personal information, which not only compromises our national security – but risks the livelihoods of people in Michigan and across the country,” added Democrat Senator Gary Peters.

“This report has identified an urgent need to further strengthen cybersecurity defenses at federal agencies and protect this sensitive data,” said Peters. “Through the American Rescue Plan, I was able to help secure vital resources to modernize and safeguard information systems critical to the federal pandemic response – but there’s more work to be done.”

While the average grade of the large federal agencies’ overall information security maturity was a C-, the Departments of State, Commerce, Education, Transportation and Veterans Affairs all scored lower than that with D grades.

Hostile nations

The SolarWinds compromise revealed how vulnerable many IT systems of the US government remain to outside hackers, including nation-state hackers.

The hackers inserted backdoor code into SolarWinds’ Orion platform in March of 2020 (or possibly earlier according to one US senator) and used this to access the systems of at least half-a-dozen US federal agencies, as well as potentially thousands of private firms before the attack was discovered in December 2020.

The scale of the US government compromise is still being investigated, but just before Christmas US Senator Ron Wyden revealed that dozens of email accounts at the US Treasury Department were compromised.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
