Published: August 4, 2021
In 2019, a US Senate report revealed dangerous cybersecurity lapses at eight government agencies. Two years later, the Senate Homeland Security Committee released an update stating that seven out of the eight agencies mentioned had made minimal improvements since 2019. In addition, they were using technology systems so old that the company that built them was not maintaining them anymore.
According to the updated report, only the Department of Homeland Security, which includes the government’s lead cybersecurity agency, has made significant improvements. That being said, the data entrusted to all eight agencies remains at risk.
The report also highlighted the following security issues:
- Investigators infiltrated the Department of Education’s system during a hacking exercise and accessed hundreds of documents with personal information, including 200 credit card numbers. The department’s IT personnel neither noticed nor blocked them.
- There isn’t sufficient security and protection for people’s data in the Social Security Administration since the agency has yet to implement computer security requirements mandated in 2015.
- Thousands of State Department employees’ digital accounts remained active long after the employees had left the agency. Some of those accounts contained classified information, making them vulnerable to hacking attacks.
- Transportation Department personnel and contractors used thousands of unrecorded IT devices and phones.
Other common issues are the failure to encrypt data, lack of mandatory verification when accessing sensitive data, and continuous access to data by employees who don’t need it.
Senators Rob Portman and Gary Peters want to introduce legislation to address most of these problems by the end of 2022. It should include a rewrite of the main law for government cybersecurity — the Federal Information Security Management Act.