senate committtee

Senate Report: Federal Agencies Have Failed To Respond to Growing Cybersecurity Threats

Eight agencies, including the Department of Homeland Security and Education Department, are using outdated systems that have few security updates and have failed to protect Americans’ personal data.

Federal agencies tasked with protecting the personal and financial data of millions of Americans have failed to update their systems or implement basic cybersecurity defenses, according to a recent Senate report.

The June report, titled “Federal Cybersecurity: America’s Data at Risk,” is the product of a subcommittee’s 10-month review of a decades’ worth of inspectors general reports of core government agencies. Eight agencies, including the Department of Homeland Security, the Department of State, the Department of Education and the Social Security Administration, were found to have several vulnerabilities in their cybersecurity systems and practices.

“The federal government remains unprepared to confront the dynamic cyber threats of today,” the report reads. “The longstanding cyber vulnerabilities consistently highlighted by Inspectors General illustrate the federal government’s failure to meet basic cybersecurity standards to protect sensitive data.”

Seven agencies were found to have failed to adequately protect personally identifiable information, and six agencies failed to install security patches in a timely manner. All eight agencies that were surveyed use “legacy,” or outdated, systems that are no longer supported by the vendor with security updates, leading to substantial risk of breaches.

Most shockingly, the Department of Transportation was using a 48-year-old system to track hazardous materials data. The program was finally phased out at the end of May because there were very few employees who knew how to use it, according to the report.

But other agencies are also using old systems to carry out their core responsibilities. Homeland Security continues to use Windows XP and Windows Server 2003 for many of its internal systems, despite the fact that Microsoft discontinued support for those programs years ago.

These findings are compounded by the fact that the federal government experiences tens of thousands of cyber incidents and breaches per year. More than 77,000 incidents were reported in 2015, with that number dropping significantly in recent years due to a rule change that allows agencies to report fewer kinds of attacks, according to NBC News.

Investigators found that the Education Department is particularly vulnerable to these incidents. The agency has been unable to prevent unauthorized devices from connecting to its network for years, according to the report.

Only recently has the department been able to limit unauthorized access to 90 seconds, which is still plenty of time to “launch an attack or gain intermittent access to internal network resources,” the report said. Those resources include the personal and financial data of millions of Americans who have applied for federal student loans.

In addition to its findings, the subcommittee offered some recommendations, including the hiring of more cybersecurity experts, prioritizing funds for systems updates and having more regular reports on the status of cyber threats. Jake Olcott, vice president of government affairs at the cybersecurity company BitSight, told Fortune that government officials should be held accountable for breaches just as corporate executives are.

“The reality is, unlike in the commercial sector today, where CEOs and board members are being fired because of data breaches, there is not the same level of accountability and responsibility in the federal government,” Olcott told Fortune. “Start holding people accountable for improving security performance…Those are the things you need congressional and executive leadership.”

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • 2024 Gun Violence Report: Fewer Overall Incidents, but School Deaths and Injuries Are on the Rise

    Omnilert, provider of gun detection technology, today released its compilation of Gun Violence Statistics for 2024 summarizing gun violence tragedies and their adverse effects on Americans and the economy. While research showed a decrease in overall deaths and injuries, the rising number of school shootings and fatalities and high number of mass shootings underscored the need to keep more people safe in schools as well as places of worship, healthcare, government, retail and commerce, finance and banking, hospitality and other public places. Read Now

  • Survey: Only 7 Percent of Business Leaders Using AI in Physical Security

    A new survey from Pro-Vigil looks at video surveillance trends, how AI is impacting physical security, and more. Read Now

  • MetLife Stadium Uses Custom Surveillance Solution from Axis Communications

    Axis Communications, provider of video surveillance and network devices, today announced the implementation of a custom surveillance solution developed in collaboration with the MetLife Stadium security team. This new, tailored solution will help the venue augment its security capabilities, providing high-quality video at unprecedented distances and allowing the security team to identify details from anywhere in the venue. Read Now

  • U.S. Cyber Trust Mark Launches for Consumer Internet-Connected Devices

    The White House recently announced the launch of a cybersecurity label for internet-connected devices, known as the U.S. Cyber Trust Mark, completing public notice and input over the last 18 months. During that time, FCC Commissioners decided in a bipartisan and unanimous vote to authorize the program and adopt final rules, as well as the trademarked, distinct shield logo that will be applied to products certified for the U.S. Cyber Trust Mark label. Read Now

Featured Cybersecurity

Webinars

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3