The State Department and 3 other US agencies earn a D for cybersecurity:
Cybersecurity at eight federal agencies is so poor that four of them earned grades of D, three got Cs, and only one received a B in a report issued Tuesday by a US Senate Committee.
"It is clear that the data entrusted to these eight key agencies remains at risk," the 47-page report stated. "As hackers, both state-sponsored and otherwise, become increasingly sophisticated and persistent, Congress and the executive branch cannot continue to allow PII and national security secrets to remain vulnerable."
The report, issued by the Senate Committee on Homeland Security and Governmental Affairs, comes two years after a separate report found systemic failures by the same eight federal agencies in complying with federal cybersecurity standards. The earlier report found that during the decade spanning 2008 to 2018, the agencies failed to properly protect personally identifiable information, maintain a list of all hardware and software used on agency networks, and install vendor-supplied security patches in a timely manner.
The 2019 report also highlighted that the agencies were operating legacy systems that were costly to maintain and hard to secure. All eight agencies—including the Social Security Administration and the Departments of Homeland Security, State, Transportation, Housing and Urban Development, Agriculture, Health and Human Services, and Education—failed to protect sensitive information they stored or maintained.
Tuesday's report, titled Federal Cybersecurity: America's Data Still at Risk, analyzed security practices by the same agencies for 2020. It found that only one agency had earned a grade of B for its cybersecurity practices last year.
"What this report finds is stark," the authors wrote. "Inspectors general identified many of the same issues that have plagued Federal agencies for more than a decade. Seven agencies made minimal improvements, and only DHS managed to employ an effective cybersecurity regime for 2020. As such, this report finds that these seven Federal agencies still have not met the basic cybersecurity standards necessary to protect America's sensitive data."
Related Stories
Back in 1998, Paul Strassmann, a former CIO of Xerox, NASA, and the US Department of Defense, wrote in Computerworld about how Microsoft's overly complex, defective, and vulnerable systems were already a threat to national security even back then. The intervening time has shown Strassmann to have been more than correct, as the problems he identified with Microsoft and its products worsen monotonically. Mitchel Lewis writes a guest post at Techrights about the current situation and how Microsoft remains a threat to national security and to the systematic reliability of our computer-based society today:
That said, I think enough time has elapsed to confirm that Paul Strassmann is an authority on such matters and that Microsoft is precisely who he said they were. Further and with hindsight in our pocket, it seems as if Microsoft was merely projecting when they said Strassmann's paper was flawed and that he made errors in analyzing the state of computer security and its causes in light of their 95–99% monopoly on ransomware infections alone and that ransomware is already considered to be a national security threat.
[...] However, I'd like to think that Microsoft would get creative if the government were to sanction Microsoft by allowing citizens and businesses impacted by ransomware to bill Microsoft for the cost of the ransom and their losses in productivity. And although Microsoft cannot be faulted for the attacks, they can be faulted for their shit-in-hand approach to quality and security while sanctioning them until they actually take a common-sensical approach to quality and security appears to be the simplest means of combating ransomware and mitigating the threat it poses to our national security.
While 2% of known ransomware affects Android, which makes up 72% of the mobile market and 41% of all clients, the rest is for Microsoft's product line, which weighs in at 32% of the market nowadays. So far Microsoft's response has been weak and based on strawman fallacies with the occasional feeble ad-hominem fallacy thrown in.
Previously:
Many posts about Windows ransomware
(2021) The State Department and Three Other US Agencies Earn a D for Cybersecurity
(2016) DNC Creates A 'Cybersecurity Board' Without A Single Cybersecurity Expert
(2016) Execs: We're Not Responsible for Cybersecurity
(Score: 0) by Anonymous Coward on Friday August 06 2021, @12:03AM
... for crimes against security.
(Score: 2) by HammeredGlass on Friday August 06 2021, @12:25AM (1 child)
...after they left the door wide open and the keys in the ignition.
(Score: 1, Touché) by Anonymous Coward on Friday August 06 2021, @08:47AM
Deep inside, you know you deserved to go to jail anyway, right?
(Score: 2) by Runaway1956 on Friday August 06 2021, @01:25AM (1 child)
I was afraid that having signed up for Medicare, I might be exempted from data leaks and such. I'm relieved to know that Medicare and Social Security will be just as careless with my data as any other government agency!
Show of hands: Who thinks it is a good idea to cooperate with census workers and other government agents and representatives who collect information?
Abortion is the number one killer of children in the United States.
(Score: 2) by Opportunist on Friday August 06 2021, @09:19AM
Hey, stranger things have happened, people give that information, and more, to the likes of Facebook.
(Score: 0) by Anonymous Coward on Friday August 06 2021, @01:30AM (5 children)
> "... allow PII and national security secrets to remain vulnerable."
Note that PII comes first, then national security. Just sayin'.
(Score: 0) by Anonymous Coward on Friday August 06 2021, @01:38AM (4 children)
Q: What does it say on the bottom of Coke cans in Washington D.C.? A: Open other end.
(Score: 0) by Anonymous Coward on Friday August 06 2021, @02:06AM (1 child)
Hey, no fair plagiarizing the fortune cookie...which just now says:
> Q: What does it say on the bottom of Coke cans in North Dakota? A: Open other end.
(Score: 0) by Anonymous Coward on Friday August 06 2021, @01:53PM
We are anonymous. We are legion. We plagiarize everything.
(Score: 2) by Opportunist on Friday August 06 2021, @09:23AM (1 child)
Instructions unclear, opened as instructed, now it all ran out the bottom.
Stupid system.
(Score: 0) by Anonymous Coward on Friday August 06 2021, @08:26PM
By design, IQ is centered with a mean (or average?) of 100.