Report Shows US Government Agencies Aren’t Doing Enough on Cybersecurity

Published on June 26, 2019
Written by:
Bill Toulas
Infosec Writer

A report by the subcommittee on investigations of the US Homeland Security and Government Affairs paints a very dire picture for federal cybersecurity. As the report notes, government agencies and public organizations aren’t even taking the basic steps required to secure citizens’ personally identifiable information, as well as other critically important types of information. At the same time that government agencies fall victim to ransomware attacks that force them to pay large amounts of taxpayers’ money, the agencies still use obsolete software and hardware that come with a bottomless list of possible security vulnerabilities.

Government agencies, as well as organizations in the private sector, are expected to comply with the NIST (National Institute of Standards and Technology) Cybersecurity Framework, but the committee found that many agencies fail to follow even the most basic of these guidelines. Seven out of the eight agencies reviewed by the subcommittee failed to protect people’s PII, five out of the eight agencies don’t maintain any IT assets, six out of eight don’t install security patches, and all eight agencies examined overly relied on legacy systems. The agencies that were audited are DHS, DOT, HUD, USDA, HHS, Education, SSA, and the DOS.

The key findings of the report that characterize the current situation are the following:



