Government Agencies Lack Proper Cybersecurity Ahead of 2020 Election
The United States Government Accountability Office (GAO) says it found 23 federal agencies lack proper cybersecurity measures to address oncoming challenges for the 2020 Presidential Election in a new report.
Although the 23 federal agencies GAO reviewed almost always designated a risk executive, they often did not fully incorporate other key practices in their programs:
- Twenty-two agencies established the role of cybersecurity risk executive, to provide agency-wide management and oversight of risk management.
- Sixteen agencies have not fully established a cybersecurity risk management strategy to delineate the boundaries for risk-based decisions.
- Seventeen agencies have not fully established agency- and system-level policies for assessing, responding to, and monitoring risk.
- Eleven agencies have not fully established a process for assessing agencywide cybersecurity risks based on an aggregation of system-level risks.
- Thirteen agencies have not fully established a process for coordinating between their cybersecurity and ERM programs for managing all major risks.
Additionally, agencies face challenges with:
- Hiring and retaining key cybersecurity management personnel
- Managing competing priorities between operations and cybersecurity
- Establishing and implementing consistent policies and procedures
- Establishing and implementing standardized technology capabilities
- Receiving quality risk data
- Using federal cybersecurity risk management guidance
- Developing an agency-wide risk management strategy
- Incorporating cyber risks into enterprise risk management
To read the full report, click here.