Government Agencies Lack Proper Cybersecurity Ahead of 2020 Election

It's Time to Change Your Perception of the Cybersecurity Professional

August 2, 2019

The United States Government Accountability Office (GAO) says it found 23 federal agencies lack proper cybersecurity measures to address oncoming challenges for the 2020 Presidential Election in a new report.

Although the 23 federal agencies GAO reviewed almost always designated a risk executive, they often did not fully incorporate other key practices in their programs:

Twenty-two agencies established the role of cybersecurity risk executive, to provide agency-wide management and oversight of risk management.
Sixteen agencies have not fully established a cybersecurity risk management strategy to delineate the boundaries for risk-based decisions.
Seventeen agencies have not fully established agency- and system-level policies for assessing, responding to, and monitoring risk.
Eleven agencies have not fully established a process for assessing agencywide cybersecurity risks based on an aggregation of system-level risks.
Thirteen agencies have not fully established a process for coordinating between their cybersecurity and ERM programs for managing all major risks.

Additionally, agencies face challenges with:

Hiring and retaining key cybersecurity management personnel
Managing competing priorities between operations and cybersecurity
Establishing and implementing consistent policies and procedures
Establishing and implementing standardized technology capabilities
Receiving quality risk data
Using federal cybersecurity risk management guidance
Developing an agency-wide risk management strategy
Incorporating cyber risks into enterprise risk management

To read the full report, click here.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.