New report shows key agencies don’t patch software or replace decades-old systems used to manage privacy info of citizens
A U.S. Senate subcommittee has released a new bipartisan report that documents the glaring failures of eight federal agencies to address major cybersecurity vulnerabilities.
Sen. Rob Portman, the Ohio Republican who presented the report, called the cybersecurity issues "a huge failure of government."
Here are 10 of the most stunning examples of cybersecurity negligence pointed out by the Permanent Subcommittee on Investigations:
Portman told the Avast Blog the cybersecurity needs of the American people require top tech talent. "The American people expect their personal information to be protected, and right now that isn’t happening. Due to the seriousness of these vulnerabilities, cyber hiring at these agencies must become a top priority. We must ensure that there are CIOs at all agencies and that they have the authority to make organization-wide decisions on cybersecurity. Without this senior-level accountability, agencies will continue to struggle to effectively secure their networks. Congress should continue its oversight of this issue to make sure agencies have the necessary resources and are making smart choices."
A top issue noted in the report, the failure to update old software, is immediately addressable, an Avast security analyst said. “We have a new Avast psychology report that identifies people’s avoidance as a reason they don’t patch old software. That’s understandable, but when it comes to federal computer issues, it’s no excuse. Our product Avast Business Patch Management helps a great deal by monitoring updates for organizations in one central dashboard,” said Avast cybersecurity evangelist Gill Langston.
The eight agencies that were the focus of the audit are: the Department of Transportation (DOT); Department of Housing and Urban Development (HUD); Department of Agriculture (USDA); Department of Health and Human Services (HHS); Department of Education; and the Social Security Administration (SSA). These seven agencies were cited by OMB as having the lowest ratings with regard to cybersecurity practices based on NIST’s cybersecurity framework in fiscal year 2017.
Read the entire report here.