Security News > 2021 > August > Auditors: Feds’ Cybersecurity Gets the Dunce Cap
Out of eight U.S. federal agencies identified two years ago with critical cybersecurity failures, seven still don't meet basic standards, a new audit report found.
"Inspectors general identified many of the same issues that have plagued Federal agencies for more than a decade. Seven agencies made minimal improvements and only DHS managed to employ an effective cybersecurity regime for 2020."
The Inspector General also found the National Cybersecurity Protection System program for agencies, also known as EINSTEIN, wasn't as effective as it needs to be to detect and prevent attacks.
"Despite legal requirements for Federal agencies to secure their networks, they repeatedly fail to do so - this includes implementing basic cybersecurity hygiene practices and protecting the sensitive information entrusted to them," the report said.
All of these reports have recommended that government agencies develop a comprehensive and centralized strategy for national cybersecurity, which is hardly surprising given the data they gather, the functions they serve and the "extraordinarily high levels of information security risk" they face.
"The mindset of agency leadership must change. Like much of the cybersecurity industry, most agency security programs have invested significantly more in prevention technologies and products than they have in detective systems. But those products are failing," he said.
News URL
https://threatpost.com/auditors-feds-poor-cybersecurity-dunce-cap/168418/