Cybersecurity Risks for U.S. Federal Agencies Are Increasing, Report Says
WASHINGTON, DC — The danger of cyber-attacks on U.S. federal technology systems is rising, according to a new report from the Government Accountability Office (GAO). In fiscal year 2022, federal agencies reported a whopping 30,659 information security incidents to the Department of Homeland Security (DHS).
Rising Risks to Essential Tech Systems
The GAO warns that threats to the nation’s critical technology systems are escalating. "Such attacks could result in serious harm to human safety, national security, the environment, and the economy," the report stated.
A Growing Number of Incidents
The report stresses the alarming frequency of security breaches, affecting sectors like public health, energy, and transportation. Marisol Cruz Cain, a Director at GAO’s Information Technology and Cybersecurity team, noted, "There’s a large amount of personal information that they protect and it’s really about policies and procedures around how to protect that."
Unaddressed Recommendations
Since 2010, the GAO has made more than 1,600 recommendations to bolster cybersecurity, yet over 500 recommendations are still not fully implemented. "Until these recommendations are fully implemented, the federal government will be hindered in ensuring the security of federal systems and the privacy of sensitive data," the report emphasized. This increases the risk of being unprepared for cyber threats that could harm public safety, national security, the environment, and economic well-being.
Tracking Progress is an Issue
A significant problem highlighted by the report is the inability of some federal agencies to effectively track the progress of their cyber threat countermeasures. "They don’t have outcome-based performance measures. A lot of time and effort was put into creating a strategy, but if we have no way to measure its success, we can’t be sure it’s working well," said Cain.
Budget and Priorities
Challenges like budgetary constraints and competing priorities are often cited as reasons why some cybersecurity recommendations have not been implemented. "A lot of progress has been made in ensuring the cybersecurity of our nation’s systems and data. However, malicious actors are always a step ahead of us, and we need to adopt a more proactive approach," said Cain.
Need for Better Information Sharing
Another essential area for improvement, according to the GAO, is better information sharing within federal agencies and with critical sectors like education, healthcare, technology, and energy. Improved communication can enhance national cybersecurity and more effectively combat emerging threats.
