US GAO pushes agencies on cybersecurity
In a report to Congress, the Government Accountability Office (GAO) raised some serious cybersecurity risks, noting that the threat landscape has become much more challenging and complex
Since 2010, the GAO has recommended to other agencies 1,620 steps to close security gaps. The cyber risk report noted that nearly 600 of these haven’t been acted upon, putting the security of federal systems and critical infrastructure at risk. The GAO blamed a mix of competing budget priorities, communications failures, and the inability of some agencies to accurately measure outcomes.
White House offers guidance on strategy
Through the Office of the National Cyber Director, the White House has offered guidance to both agencies and non-governmental entities on how to build an effective cybersecurity strategy and how to execute on that plan.
For example, in March the White House sent a letter to all 50 US governments flagging specific threats to waste and drinking water infrastructure from two nation-state-affiliated threat actors. The letter included links to Environmental Protection Agency and Cybersecurity and Infrastructure Agency (CISA) resources specifically targeted toward water systems.
These assets include training, consultative help, tools, and technical support, starting with the most basic security practices. The agencies outline foundational training and controls including training staff to recognise and dodge phishing schemes, the use of strong passwords, multi-factor authentication, and ensuring software is up to date.
GAO pushes the federal government to do more
The GAO said the federal government needs to do more to steer agencies in the right direction with respect to critical areas like securing the global supply chain, maintaining an expert cybersecurity staff and being aware of potential risks related to evolving technologies such as Artificial Intelligence (AI).
Access the most comprehensive Company Profiles
on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Company Profile – free
sample
Thank you!
Your download email will arrive shortly
We are confident about the
unique
quality of our Company Profiles. However, we want you to make the most
beneficial
decision for your business, so we offer a free sample that you can download by
submitting the below form
By GlobalData
In a report in 2023, the GAO found that the Department of Defense had addressed some elements to reduce supply chain risks but had not implemented some suggested controls. In a government-wide report on AI, the GAO noted 20 federal agencies have 1200—current and planned use cases.
The GAO outlined 35 guidelines to protect these but so far none have been implemented.
While the GAO noted that advances in technologies like AI show promise across a range of industries, they also open the door to new risks.
The GAO urged agencies to be careful to assess any newly introduced technology and make sure they have the appropriate controls in place to minimise risk. Implementing all the GAO’s recommendations is essential to protect all federal systems, data, and staff.