From: GAO | WatchBlog
Lately, it’s a recurring news story—another hack, leak, or breach, and sensitive information is compromised. We’ve long identified information system security as a high-risk area throughout the government. So for October’s Cybersecurity Awareness Month, we’re highlighting federal cybersecurity challenges.
Secure systems to secure the nation
Reported cybersecurity incidents at federal agencies grew more than twelvefold from 2006 to 2014.
(Excerpted from GAO-15-758T)
These incidents can result in the release of sensitive and personal information, theft of intellectual property, destruction or disruption of critical systems, and damage to economic and national security.
Agencies are supposed to protect themselves against threats from hackers, terrorists, insiders, and other nations. To secure federal IT systems, agencies should
- limit access or detect who accesses programs, computers, and facilities
- prevent unauthorized changes to programs and computers
- split responsibilities so no single person controls everything
- plan for problems to keep operations running during emergencies
- manage security so risks are understood and addressed.
But agencies have struggled to implement these security measures. In fact, we found that most of the 24 major federal agencies had persistent weaknesses in 3 or more of these areas. These weaknesses could expose confidential information or even take down entire systems.
Leave a Reply