Cybersecurity at federal agencies is in a sorry state, according to Senate investigators. The Permanent Subcommittee on Investigations of the Senate Homeland Security Committee issued a grave warning this week.
The 99-page report titled “Federal Cybersecurity: America’s Data at Risk” blasted the Department of Homeland Security, the State Department and the Social Security Administration, among five other agencies, for outdated, vulnerability-laden systems. The subcommittee spent 10 months reviewing 10 years of inspector general's reports and found ample cause for concern.
The report cites the Office of Management and Budget (“OMB”), which concluded that agencies “do not understand and do not have the resources to combat the current threat environment.”
Cyberincidents reported by federal agencies skyrocketed from about 5,500 in 2006 to more than 77,000 in 2015, amounting to a 13-fold increase, investigators found. The report cites the Office of Management and Budget (“OMB”), which concluded that agencies “do not understand and do not have the resources to combat the current threat environment.”
Financial data on students applying for college loans, payroll and savings information on prospective home buyers exploring home loan options and travel records on citizens traveling abroad and then returning to the United States are just a few examples of highly sensitive information at risk, per the report.
Some troubling findings include the Department of Homeland Security’s continued use of Windows XP and Windows Server 2003, both of which have had support discontinued by Microsoft for several years. The Transportation Department only recently stopped using a database nearly five decades old and Social Security is running a legacy system whose programming origins are from the 1950s.
Recommendations in the report include risk-based budgeting to better address critical threats, consolidated security processes and cybersecurity expertise as a priority in hiring.