A new report from the Government Accountability Office details urgent action required to address critical cybersecurity challenges facing our nation.
Key Takeaways
- GAO made 1,610 recommendations for 4 major cybersecurity issues
- Of the 1,043 recommendations, only 567 have yet to be implemented
- GAO’s recommendations for 10 critical actions
- Federal agencies reported more than 30,000 information security incidents in FY 2022
Released on June 13, 2024, this latest report in the GAO’s “High Risk Series” highlights the challenges that the federal government faces in establishing and implementing a comprehensive cybersecurity policy.
The report cites the increasing frequency and sophistication of cybersecurity events as the driving force behind the urgency of addressing these challenges. Risks to essential technology systems are increasing, and threats come from a variety of sources, varying by type, capability and motive.
In fiscal year 2022, the Department of Homeland Security (DHS) United States Computer Emergency Readiness Team reported a total of 30,659 information security incidents to the US-CERT. According to the report, “such an attack could result in serious harm for human safety, national and environmental security, and the economy.”
GAO has issued 1,610 recommendations since 2010 to address issues in four major cybersecurity areas. Federal agencies have implemented 1,043 of these recommendations to date, with 567 not yet implemented by May 2024.
The report indicates that federal agencies are limited in their ability to:
- Provide effective supervision of critical government-wide projects
- Mitigate global supply chain risks
- Address cybersecurity workforce management challenges
- Improve the security of emerging technologies
- Improve the implementation of government-wide cyber initiatives
- Address weaknesses in federal agency information security programs
- Enhance federal response to cyber incidents
- Mitigate cybersecurity risks for critical infrastructure systems and data
- Protect sensitive and private data
Main Cybersecurity Challenges
The four major cyber challenges identified by the GAO include:
- Implementing a comprehensive cybersecurity plan and performing effective oversight – 170 (43%) out of 396 recommendations had not been implemented as of May 2024
- Securing federal systems and information – 221 (26%) out of 839 recommendations had not been implemented as of May 2024
- Protecting critical infrastructure from cyber-attacks – 64 (51%) out of 126 recommendations had not been implemented as of May 2024
- Protecting privacy and sensitive data – 112 (45%) out of 249 recommendations had not been implemented as of May 2024
Critical Actions
The GAO has identified 10 critical actions that can be taken to mitigate the risks.
- Develop a more comprehensive federal cybersecurity strategy for national and global cyberspace
- Reduce global supply chain risk (for example, malicious software or hardware installation)
- Address cybersecurity workforce challenges
- Strengthen the security of emerging technologies
- Improve the implementation of government-wide cyber initiatives
- Address weaknesses in federal agency information security programs
- Enhance federal response to cyber incidents
- Strengthen the federal role in protecting the cybersecurity of critical infrastructure (for example, the electricity grid and the telecommunications network)
- Enhance federal efforts to protect privacy
- Limit the collection and use of personal information to what is appropriate and ensure it is obtained with consent
In conclusion, the GAO suggests that the federal government needs to take urgent action to address the challenges, and associated critical actions, detailed in the report. It also says that “a concerted action between the federal government and nonfederal partners” is critical to mitigating risks posed by cyber threats.