Sens. Susan Collins, R-Maine, left, says there needs to be increased focus on cybersecurity, and Joe Lieberman, I-Conn., says his committee is drafting a bill aimed at ensuring that agencies take the necessary steps to protect their computer networks. (AFP)
Federal agencies remain vulnerable to cyber attacks and security breaches because they've failed to take required steps to secure Internet connections and computer systems, the Government Accountability Office said in two reports issued today.
No agency has taken all of the actions required to secure their Web networks under the Trusted Internet Connections and Einstein programs, GAO said in the report, "Information Security: Concerted Effort Needed to Consolidate and Secure Internet Connections at Federal Agencies." GAO largely faulted the Office of Management and Budget and the Homeland Security Department for the delays, saying they provided "inconsistent communication" to agencies for how to secure their Web connections.
GAO also reviewed efforts to roll out the Federal Desktop Core Configuration initiative, which was launched by OMB and the National Institute of Standards and Technology in 2007 and is supposed to provide a baseline level of security for government-owned desktop and laptop computers. No agency has deployed all of the configuration settings on all of their workstations as required under the initiative, GAO said in the report, "Information Security: Agencies Need to Implement Federal Desktop Core Configuration Requirements."
Leaders from the Senate Homeland Security and Governmental Affairs Committee, which requested the GAO investigations, said agencies need to do better.
Chairman Joe Lieberman, I-Conn., said his committee is drafting a bill aimed at ensuring that agencies take the necessary steps to protect their computer networks. Ranking member Susan Collins blamed a lack of focus from agencies and the administration.
"We must elevate the focus on cybersecurity within the federal government and across our nation's critical cyber infrastructure. Only a strong leader with significant new authorities can be held accountable for the security of these digital assets," Collins, R-Maine, said.