WASHINGTON—Some 23 federal agencies were found to have come up short in their cybersecurity efforts even as attacks on their IT infrastructures continue to grow and concerns about foreign interference in the upcoming 2020 elections persist, according to a Government Accountability Office report.
The GAO found that 22 of the 23 agencies it reviewed had designated an executive in charge of risk, but that most had failed in other key areas of risk management, such as developing a cybersecurity risk management plan; creating policies for assessing, monitoring and responding to risk; and establishing processes for coordinating their cybersecurity and enterprise risk management programs, stated Bank Info Security in its analysis.
The government watchdog laid out 58 recommended steps the 23 agencies should take to shore up their cybersecurity defenses, saying that until they do, "agencies will face an increased risk of cyber-based incidents that threaten national security and personal privacy."
The top recommendation was for the Office of Management and Budget and the Department of Homeland Security to develop ways that agencies can share successful methods for addressing challenges in such areas as managing the competing priorities if cybersecurity and operations and implementing consistent cybersecurity risk management practices, Bank Info Security explained.
“Other recommendations were aimed at individual agencies to help them shore up weaknesses. For example, the Commerce, Health and Human Services and Interior departments should conduct organization-wide cybersecurity risk assessments, while Transportation, Treasury and Veterans Affairs need to improve coordination between cybersecurity and enterprise risk management functions,” Bank Info Security said.