In order to secure federal IT systems, continued attention is needed, according to a report by the Government Accountability Office (GAO). The report identified severe deficiencies in security controls at a number of federal agencies, which have left persistent vulnerabilities.

 

These weaknesses in the security of both financial and non-financial systems and information, including vulnerabilities in critical federal systems, the report states. These deficiencies continue to place federal assets at risk of inadvertent or deliberate misuse, financial information at risk of unauthorized modification or destruction and critical operations at risk of disruption. The report cited the growing nature of cyber threats to critical infrastructure and federal systems as a significant problem. These threats come from a variety of sources, including criminals and foreign nations, as well as hackers and disgruntled employees, the report states. These potential attackers have a variety of techniques at their disposal, which can vastly enhance the reach and impact of their actions. In order to address the current deficiencies in federal cybersecurity, the GAO has provided a number of recommendations in the past few years.

 

The Department of Homeland Security also needs to fulfill its key cybersecurity responsibilities, such as developing capabilities for ensuring the protection of cyber-based critical infrastructures and implementing lessons learned from a major cyber simulation exercise, the report states.