The GAO warned that “significant deficiencies pervade federal systems that jeopardize the confidentiality, integrity, and availability of systems and the information they process.”
The GAO High-Risk Series report is designed to focus attention on government operations that are at high risk due to their greater vulnerabilities to fraud, waste, abuse, and mismanagement or the need for transformation to address economy, efficiency, or effectiveness challenges.
The latest report, released this week, noted that the federal government has not fully implemented “key actions” to address cybersecurity threats and improve the US cybersecurity approach, including: “updating the national strategy for securing the information and communications infrastructure, developing a comprehensive national strategy for addressing global cybersecurity and governance, creating a prioritized national and federal research and development agenda for improving cybersecurity, and implementing the near- and mid-term actions recommended by the cybersecurity policy review directed by the president.”
The report singled out the Department of Homeland Security for failing to improve cybersecurity analysis and warning capabilities, acquire sufficient analytical and technical capabilities, develop strategies for hiring and retaining qualified cybersecurity personnel, and strengthen public-private partnerships in protecting critical infrastructure.
In addition, GAO found that “serious and widespread information security control deficiencies were a government-wide material weakness….Agencies did not consistently implement effective controls to prevent, limit, and detect unauthorized access or manage the configuration of network devices to prevent unauthorized access and ensure system integrity.”
To resolve ongoing cybersecurity problems, the government watchdog recommended that federal agencies develop and implement actions plans to resolve cybersecurity deficiencies in government systems, develop and implement agency-wide cybersecurity programs, and demonstrate measurable progress in improving the cybersecurity of federal systems.