Security News > 2020 > April > FCC Only Partially Improved Its Cybersecurity Posture, GAO Says
7% of the recommendations were only partially implemented and 30% were not implemented at all as of November 2019, although the FCC is planning on fully implementing all recommendations by April 2021.
"Until FCC fully implements these recommendations and resolves the associated deficiencies, its information systems and information will remain at increased risk of misuse, improper disclosure or modification, and loss," GAO notes in the newly published report.
GAO started looking into the FCC's security posture after a surge of more than 22 million comments on net neutrality disrupted the Commission's Electronic Comment Filing System in 2017, and discovered numerous deficiencies in core security functions.
As of November 2019, the FCC implemented 85 of the recommendations and partially implemented 10 of them, but had not started implementing 41 of the recommendations.
"Fully implementing the remaining recommendations is essential to ensuring that the commission's systems and sensitive information are adequately protected from cyber threats," GAO says.