Data breaches frequently fail to spur better federal cybersecurity efforts
The past few months have seen a series of major data breaches at a number of federal agencies. The most notable of these occurred at the State Department and White House, both of which saw their computer networks infiltrated by sophisticated hackers. The U.S. Postal Service and Transportation Department were also the targets of successful cyberattacks, among a number of others.
Unsurprisingly, these incidents drew significant attention and led to calls for superior cybersecurity efforts across the federal government. Yet as The Washington Times reported, little progress has been made in this area, leaving many agencies vulnerable to future cyberattacks.
The need for improvement
The source revealed that according to internal investigative reports on federal cybersecurity efforts, many agencies continue to have lax policies and practices in this area, despite the rash of recent breaches.
Speaking to the news source, Paul Rosenzweig, a former top policy aide for the Department of Homeland Security, indicated that the federal government is essentially no better than the private sector when it comes to warding off hackers and other cyberthreats.
"It's clear that we are short on the degree to which we make this a priority," he told the source.
The Washington Times pointed to the variety of reports issued by inspectors general following hacking efforts at the State Department, National Oceanic and Atmospheric Administration and other agencies. These reports found that many departments fell behind in terms of implementing system upgrades, which significantly contributed to creating vulnerabilities for cybercriminals to target. As the State Department's IG noted, these problems are not recent developments.
"Although we acknowledge the department's actions to improve its information security program, we continue to find security control deficiencies in multiple information security program areas that were previously reported in FY 2010, FY 2011, FY 2012 and FY 2013," the State Department IG wrote, according to the news source. "Over this period, we consistently identified similar control deficiencies in more than 100 different systems."
Changing the culture
These findings suggest that the federal government's cybersecurity problems are deep-rooted and will require a major effort to overcome. Agencies must change the way that both decision-makers and staff in general approach cybersecurity. Personnel need to appreciate both how important cybersecurity is and how virtually every digital interaction may affect efforts in this area.
To this end, the services of third-party solutions providers will prove critical. Agencies can retain these services to gain a fresh perspective on their cybersecurity efforts, and to help educate personnel on best practices.