GAO Says Government Needs to Move with More Urgency on Cybersecurity
Thursday, March 25, 2021 | Comments

The Government Accountability Office (GAO) said that while the federal government has made improvements on addressing cybersecurity, it needs to move more urgently to address the issue as the number and severity of cyber threats rises.

In 2018, the GAO identified 10 actions it said the federal government needed to take in order to address four major challenges related to cybersecurity. The GAO said that ensuring the nation’s cybersecurity is on its high risk list.

“Since then, the government has made some improvements, but weaknesses remain, as seen in the December 2020 discovery of a major cyberattack on agencies, infrastructure and the private sector,” the GAO’s report said.

The four challenges identified by the Gao in 2018 were establishing a comprehensive cybersecurity strategy and performing oversight, securing federal systems and information, protecting cyber critical infrastructures, and protecting privacy and sensitive data.

In 2018 and 2019, the Trump administration established a cybersecurity strategy and implementation plan. The GAO said that work included some but not all of the characteristics needed for a strong national cybersecurity plan.

“The new administration needs to either update the existing strategy and plan or develop a new comprehensive strategy that addresses those characteristics,” the GAO’s report said.

Additionally, the GAO said it is important that the government identify a specific role for leading the implementation of the plan. In its previous report, the GAO had suggested that a position in the White House be established to lead the implementation.

The new GAO report noted that the Biden administration established the Office of the National Cyber Director within the Executive Office of the President. The position has not yet been filled.

“Once the position is filled, the federal government will be better situated to direct activities to overcome the nation's cyber threats and challenges, and to perform effective oversight,” the GAO’s report said.

On the second challenge — securing federal information and systems — the GAO noted that the government has made some progress in securing systems but said there are still numerous cybersecurity weaknesses in federal agencies due to ineffective information security programs.

“Further, cyber incidents are increasingly posing a threat to government and private sector entities,” the report said. “The seriousness of the threat was reinforced by the December 2020 discovery of a cyberattack that has had widespread impact on government agencies, critical infrastructures and the private sector. In 2019, GAO reported that most of the 16 agencies reviewed had incident response processes with key shortcomings, thereby limiting the ability to minimize damage from attacks.”

On protecting cyber critical infrastructure, the GAO said it has made nearly 80 recommendations since 2010, but nearly 50 of those recommendations have not been implemented.

“As a result, the risks of unprotected infrastructures being harmed are heightened,” the report said.

On protecting privacy and sensitive data, the GAO noted that both the federal government and private sector have struggled to protect privacy and sensitive data because advances in technology have made it easier to correlate information about individuals and allowed the development of more sophisticated tracking capabilities.

“The vast number of individuals affected by various data breaches has underscored concerns that personally identifiable information is not adequately being protected,” the report said.

In 2019, the GAO noted that the U.S. did not have a comprehensive internet privacy law to govern the collection, use and sale of personal information. At that time, the GAO recommended that Congress consider developing legislation on internet privacy that would protect consumers.

In concluding its report, the Gao noted that it has made about 3,300 recommendations on improving cybersecurity since 2010 but more than 750 of those recommendations have not been implemented.

Find the full report here.

Would you like to comment on this story? Find our comments system below.

Post a comment
Name: *
Email: *
Title: *
Comment: *


No Comments Submitted Yet

Be the first by using the form above to submit a comment!


June 2021

21 - 25
UTC Telecom and Technology Conference
Portland, Oregon

August 2021

15 - 18
APCO Conference and Expo
San Antonio, Texas

September 2021

27 - 30
International Wireless Communications Expo (IWCE) 2021
Las Vegas

November 2021

3 - 5
Critical Communications World 2021
Madrid, Spain

More Events >

Site Navigation