How Safe Are US Federal Agencies from Cyber Threats?

At the end of June 2019, a US Senate subcommittee presented its analysis of cybersecurity at American federal agencies. The results weren’t pretty – there were eight agencies with longstanding histories of being at risk for cyber terrorism. Moreover, at these agencies, problems could go on unchecked for up to a decade.

Is the situation so terrible across the board? Read on to learn the extent of cybersecurity gap at federal agencies.

What’s the Scope of the Problem?

In the middle of 2018, the Permanent Subcommittee on Investigations of the Senate Homeland Security Committee embarked upon a review of ten years’ worth of inspector general reports about the state of cybersecurity at federal agencies. The subcommittee uncovered evidence that eight government agencies had severe challenges in defending themselves against cyber threats.

The Social Security Administration and the Departments of State, Transportation, Housing and Urban Development, Agriculture, Health and Human Services and Education, and Homeland Security all came under intense scrutiny for a variety security shortcomings. Homeland Security, for example, is still using Windows XP and Windows 2003, neither of which are supported by Microsoft. A lack of support means that those systems are vulnerable to hackers because there aren’t patches to protect them.

A lack of cybersecurity at significant government agencies isn’t a new problem, sadly. Federal agencies reported over 35,000 incidents in 2017 alone. Moreover, agencies are aware of these problems but lack the resources to deal with them – Agriculture, Transportation, and Health and Human Services all had recurring or unaddressed issues that were a decade old. State had problems stretching back five years.

What Can Be Done?

While the situation is admittedly bleak, some steps can be taken to rectify these problems. The subcommittee report contained several recommendations, which if adopted, would enable agencies to improve their cybersecurity.

For a start, the government needs to acknowledge that cybersecurity is mission-critical. It’s not just IT’s problem. As a result of lax measures up to this point, government agencies have suffered thousands of attacks. Those attacks put personally-identifiable information of American citizens at risk, which is unacceptable.

This point is crucial today. The US is engaging foreign cyber terrorists, including state-sponsored actors. Having a good offense is essential, but if you’re not taking defensive measures (such as securing information properly), then you’re still vulnerable.

Second, the US government must move away from legacy technology, especially that which hasn’t been supported by vendors in years. One system at Transportation has been in use for almost five decades! Along the same lines, agencies need to test and implement patches quickly (yet without compromising their safety and effectiveness). Patches protect networks – without them, hackers can infiltrate systems.

In today’s global political climate, in which cyberterrorism and hacking abound, the US government cannot afford inadequate cyber defenses. Vital information (both state secrets as well as personally-identifiable information of citizens) depends upon it.

Aquila is ready to secure your systems. Please contact us for more details on how we can help.

Rachel Levy Sarfin

Rachel Levy Sarfin is a Toronto-based freelance writer who has focused on B2B technologies (including digital security) since 2012.
Rachel Levy Sarfin