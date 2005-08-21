from the go-stand-in-the-corner dept.
The State Department and 3 other US agencies earn a D for cybersecurity:
Cybersecurity at eight federal agencies is so poor that four of them earned grades of D, three got Cs, and only one received a B in a report issued Tuesday by a US Senate Committee.
"It is clear that the data entrusted to these eight key agencies remains at risk," the 47-page report stated. "As hackers, both state-sponsored and otherwise, become increasingly sophisticated and persistent, Congress and the executive branch cannot continue to allow PII and national security secrets to remain vulnerable."
The report, issued by the Senate Committee on Homeland Security and Governmental Affairs, comes two years after a separate report found systemic failures by the same eight federal agencies in complying with federal cybersecurity standards. The earlier report found that during the decade spanning 2008 to 2018, the agencies failed to properly protect personally identifiable information, maintain a list of all hardware and software used on agency networks, and install vendor-supplied security patches in a timely manner.
The 2019 report also highlighted that the agencies were operating legacy systems that were costly to maintain and hard to secure. All eight agencies—including the Social Security Administration and the Departments of Homeland Security, State, Transportation, Housing and Urban Development, Agriculture, Health and Human Services, and Education—failed to protect sensitive information they stored or maintained.
Tuesday's report, titled Federal Cybersecurity: America's Data Still at Risk, analyzed security practices by the same agencies for 2020. It found that only one agency had earned a grade of B for its cybersecurity practices last year.
"What this report finds is stark," the authors wrote. "Inspectors general identified many of the same issues that have plagued Federal agencies for more than a decade. Seven agencies made minimal improvements, and only DHS managed to employ an effective cybersecurity regime for 2020. As such, this report finds that these seven Federal agencies still have not met the basic cybersecurity standards necessary to protect America's sensitive data."
(Score: 0) by Anonymous Coward on Friday August 06, @12:03AM
... for crimes against security.
(Score: 2) by HammeredGlass on Friday August 06, @12:25AM
...after they left the door wide open and the keys in the ignition.