There are growing risks of cyber-attacks targeting the U.S. federal government’s technology systems, according to a new watchdog report.
“Risks to our nation’s essential technology systems are increasing,” the report said. “Such attacks could result in serious harm to human safety, national security, the environment, and the economy.”
The new findings from the U.S. Government Accountability Office (GAO) say federal agencies reported 30,659 information security incidents to the Department of Homeland Security (DHS) in fiscal year 2022.
It’s affecting sectors like public health, energy, transportation and more.
“There’s a large amount of personal information that they protect and it’s really [about] policies and procedures around how to protect that,” said Marisol Cruz Cain, a Director in GAO’s Information Technology and Cybersecurity team.
The report said GAO has made more than 1,600 recommendations to improve cybersecurity protections since 2010, but more than 500 of those recommendations still haven’t been fully put in place.
“Until these recommendations are fully implemented, the federal government will be hindered in ensuring the security of federal systems and critical infrastructure and the privacy of sensitive data,” the report said. “This increases the risk that the nation will be unprepared to respond to the cyber threats that can cause serious damage to public safety, national security, the environment, and economic well-being.”
The report said a big issue has been the inability for some federal agencies to properly track progress of the strategies they use to fight against cyber threats.
“They don’t have outcome-based performance measures. A lot of time and effort was put into creating a strategy but if we have no way to measure the success of that strategy, then we’re not sure that is working well,” said Cain.
Federal agencies point to challenges like budgetary considerations and competing priorities as reasons why some of the cybersecurity recommendations still have not been implemented.
“There has been a lot of progress made in ensuring the cybersecurity of our nation’s systems and data. I think there are perpetual issues such as that malicious actors are always a step ahead of us and we need to take the federal government cyber posture to more proactive than reactive,” said Cain. “Another big takeaway is we need to learn how to share information better within the federal government but also with the federal government and those critical sectors of the nation: education, our healthcare, our technology, our energy and gas.”