WASHINGTON (NEXSTAR) — At least eight government agencies aren’t meeting federal cybersecurity standards, a recent study found, and that some lack the basic infrastructure needed to defend against cyberthreats.
The agencies surveyed by the Committee on Homeland Security and Governmental Affairs Permanent Subcommittee on Investigations include the:
Department of Homeland Security,
Department of State,
Department of Transportation,
Department of Housing and Urban Development,
Department of Agriculture,
Department of Health and Human Services,
Department of Education,
and Social Security Administration.
PDF: Read the full report
“We’re concerned about it. It’s really an alarming report,” said Sen. Rob Portman, the Ohio Republican who called for the investigation. “It’s time for us to require these agencies to put a higher priority on protecting our personal information.”
Portman said the report outlines 10 years of failures. In 2015, foreign hackers stole the data of 22 million Americans from a federal agency. Portman said that should have been a wake-up call.
He’s calling for massive reforms and new best practices to prevent future problems.
“The government agencies need to be held to the same standards we hold the private sector,” said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies.
He supports Portman’s reforms, but said that Congress will have to put its money where its mouth is to make them happen.
“Every year, cybersercuity in the federal government gets a little better,” he said. “Of course, the bad news is the people who are going after the federal government also get better. So it is a race.”
It not yet clear if Portman’s legislation, which hasn’t been written, will including more funding.