According to a report from Senate investigators released last Tuesday federal agencies responsible for safeguarding the security and personal data of millions of Americans have failed to implement basic defenses against cyberattacks.
The agencies earned a grade of C- for falling short of many federally-mandated standards in the 47-page report released by the Senate Homeland Security Committee.
The report also concluded that Americans' personal information remains at risk as a multitude of high-profile cyber attacks continue to plague critical US infrastructure. The audit accuses eight critical agencies, including the Department of Homeland Security, the State Department and the Social Security Administration of relying on outdated systems, ignoring mandatory security patches and failing to protect sensitive data such as names, date of birth, income, social security numbers and credit card numbers.
In 2020, the White House reported 30,819 information security incidents across the federal government, according to the report, which also evaluated the Department of Transportation, the Department of Housing and Urban Development, the Department of Agriculture, the Department of Health and Human Services and the Department of Education.
In a test of its cyber defenses, the State Department could not provide documents accounting for 60% of employees who had access to the agency's classified network. The report found the agency "left thousands of accounts active after an employee left the agency for extended periods of time on both its classified and unclassified networks."
"All agencies failed to comply with statutory requirements to certify to Congress they have implemented certain key cybersecurity requirements including encryption of sensitive data, least privilege, and multi-factor authentication," the report continued.
Tuesday's review not only outlines a glaring problem within a large amount of US agencies, it also highlights failures to comply with the Federal Information Security Modernization Act of 2014.