Watchdog faults administration for cyber implementation

The administration is taking steps to shore up its cybersecurity, but has a long way to go, concluded a biennial government watchdog report.

“The federal government continues to face challenges in effectively implementing cybersecurity policies,” said the Government Accountability Office (GAO) in its 2015 High-Risk List, which spotlights vulnerable programs and areas, released Wednesday.

{mosads}Nearly every major agency has significant information security weaknesses, GAO said, leaving the federal government’s networks vulnerable to a range of cyber threats.

The cyber menace is so great the GAO expanded its cyber focus in this year’s report, adding an assessment of the government’s ability to protect its workers’ personally identifiable information (PII).

In the last five years, the number of federal breaches exposing PII have more than doubled, to over 27,000, “and that’s just reports by the federal agencies,” said Comptroller General of the United States Gene Dodaro during a Wednesday press conference.

“It’s clear that we have to address this issue,” added Rep. Elijah Cummings (D-Md.), ranking member on the House Oversight and Government Reform Committee. “Cybersecurity affects our constituents on a day-to-day basis. If it does not affect them directly, it makes them feel vulnerable.”

While the report gave credit to the government for putting in place plans to address many of its cyber challenges, GAO said many agencies had not yet taken the steps needed to implement their strategy.

“Shortcomings persist in assessing risks, developing and implementing security controls and monitoring results at federal agencies,” the GAO said.

The White House and Congress have moved in recent months to codify key agencies’ cyber roles and bolster their ability to hire and retain a cyber workforce.

Lawmakers passed a series of five small cyber bills in December that clarified the cyber jurisdiction of the Department of Homeland Security (DHS) and the Office of Management and Budget (OMB).

The White House has followed that up by creating a new federal agency to coordinate cyber threat data analysis across the government. On Friday, President Obama will sign an executive order that is expected to reshape how the DHS exchanges cyber information with the private sector.

The GAO gave lawmakers and the White House credit for their initiative, but pressed them to go further and deliver more tangible results.

“Progress will need to be demonstrated by agencies fully implementing their information security programs and by critical infrastructure sectors improving their cybersecurity,” the report said.