Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Audits

Senate Report Shows Decade-Long Failure of Gov Agencies to Protect Personal Data

A new report from the U.S. Senate’s Committee on Homeland Security and Governmental Affairs has revealed the decade-long failure of several important federal agencies to secure their systems and protect sensitive and personal information.

A new report from the U.S. Senate’s Committee on Homeland Security and Governmental Affairs has revealed the decade-long failure of several important federal agencies to secure their systems and protect sensitive and personal information.

The report, signed by Rob Portman, chairman of the Permanent Subcommittee on Investigations, and Tom Carper, ranking member of the subcommittee, is the result of a 10-month investigation covering 10 years of Inspector General reports.

The analysis targeted the Department of Homeland Security, the Department of State, the Department of Transportation, the Department of Housing and Urban Development, the Department of Agriculture, the Department of Health and Human Services, the Department of Education, and the Social Security Administration. These agencies, except the DHS, have been assigned the lowest cybersecurity rating by the Office of Management and Budget.

According to the report, seven of the eight agencies failed to ensure adequate protection for personal information, and five of them failed to maintain accurate IT asset inventories.

All of the eight government organizations are still using systems or applications that no longer receive security updates, and six of them have failed to install patches or take action for mitigating vulnerabilities in a timely manner.

The investigation has found that agencies such as the DHS, the Department of Transportation, the Department of Agriculture, and the HHS failed to address vulnerabilities and other cybersecurity issues for 10 years, while the State Department’s systems were weakened by security holes that remained unresolved for more than five years.

In the case of the Department of Education, the report says the organization has not been able to prevent unauthorized devices from easily connecting to its network. The investigation also found that vulnerabilities in the systems of the Social Security Administration exposed the personal information of 60 million individuals who receive social security benefits.

“Hackers with malicious intent can and do attack federal government cyber infrastructure consistently. In 2017 alone, federal agencies reported 35,277 cyber incidents,” Portman said. “After a decade of negligence, our federal agencies have failed at implementing basic cybersecurity practices, leaving classified, personal, and sensitive information unsafe and vulnerable to theft. The federal government can, and must, do a better job of shoring up our defenses against the rising cybersecurity threats.”

Advertisement. Scroll to continue reading.

Related: Equifax Was Aware of Cybersecurity Weaknesses for Years, Senate Report Says

Related: U.S. Senators Want Transparency on Senate Cyberattacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...