U.S. Federal Agencies Lack Basic Cybersecurity Processes

A new report titled “Federal Cybersecurity Risk Determination Report and Action Plan” sheds light on the inadequate cybersecurity of U.S. federal agencies. Please note that:

The Office of Management and Budget (OMB) is publishing this Federal Cybersecurity Risk Determination Report and Action Plan (Risk Report) in accordance with Presidential Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, (Executive Order 13800) and OMB Memorandum M-17-25, Reporting Guidance for Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.

What Are the Findings on Federal Agency Cybersecurity?

The report found little situational awareness, few standard processes for reporting or managing attacks, and almost no agencies appropriately carrying out even basic encryption. According to the OMB, the current state of cybersecurity is “untenable”. More specifically, as many as three quarters of federal agencies have highly insufficient cybersecurity programs with significant security gaps. Some of the programs are rated as “at risk”, while others are “high risk”, where fundamental processes are lacking.

The report focuses on four major findings, all of which reveal troublesome statistics and recommendations. Two of the most significant areas of risk identified in agency assessments were the abundance of legacy information technology (IT), which is difficult and expensive to protect, and shortages of experienced and capable cybersecurity personnel, the report noted.

The Risk Report recognizes the detrimental impacts that limited personnel resources have on agencies’ ability to manage their cybersecurity risks. It also examines the risks associated with several of the IT modernization challenges, namely decentralized security operations centers (SOCs) and the lack of standardized IT capabilities.

One of the main issues is that federal agencies lack both the understanding and the (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Milena Dimitrova. Read the original post at: https://sensorstechforum.com/u-s-federal-agencies-lack-cybersecurity/