A new audit report revealed that 17 of 23 Chief Financial Officer Act agencies are failed to implement the core functions of the cybersecurity framework of the National Institute for Standards and Technology. According to a report from the United States Government Accountability Office (GAO), 17 agencies have material vulnerabilities in their internal security systems and only 13 agencies are following proper cybersecurity risk management.
“The 23 civilian agencies covered by the Chief Financial Officers Act of 1990 (CFO Act) have often not effectively implemented the federal government’s approach and strategy for securing information systems. Until agencies more effectively implement the government’s approach and strategy, federal systems will remain at risk,” the GAO report stated.
“While agencies have gotten better at preventing and detecting intrusions into their systems, they are still vulnerable to attacks such as “phishing”—emails designed to trick staff into clicking malicious links. Moreover, many agencies have not yet fully implemented effective security programs or practices, leaving them vulnerable to future attacks,” the report added.
The GAO stated that they suggested recommendations to the Department of Homeland Security and the Office of Management and Budget to help agencies progress their detection and prevention abilities.
The Government Accountability Office recently conducted a study to evaluate the state of the Department of Defense (DOD) weapon systems cybersecurity. The legislative branch government agency stated that most of the new weapons designed by DOD are vulnerable to cyber-attacks. GAO pointed out that DOD does not even know the full extent of the problems that existed in their weapons. In the report, GOA stated that it and others have warned DOD of cyber risks for decades, until recently, DOD did not prioritize weapon systems cybersecurity.