US government dead last in cybersecurity compared to private sectors – report
Among the worst performers in the government are the US State Department, NASA, and the information technology systems in place in Connecticut, Pennsylvania, and Washington, according to SecurityScorecard, a startup that measures cybersecurity risk.
Compared to 17 major industries, including healthcare, transportation, retail and others, the US government’s cybersecurity protections were the worst. SecurityScorecard surveyed 600 local, state and federal departments, and they generally struggled in three different security categories: network security, malware infections, and software patching abilities.
Out of all state organizations that got less than a “B” score in the report, 90 percent of them received an "F” in software patching cadence, while 80 percent scored the same in network security. The agencies were analyzed based on their overall security network as well as their reaction time to potential problems, then compared to their peers in private industries.
In the one-year period between April 2015 and April 2016, 35 data breaches were tracked, including some that occurred at NASA, the FBI, and the IRS. Notably, NASA had the worst performance of any federal, state or local department.
"With serious data breaches making headlines on what seems like a weekly basis, our team felt compelled to turn a spotlight on government agencies and determine which of them are demonstrating a commitment to securing their infrastructure and which are falling short," said Dr. Luis Vargas, senior data scientist at SecurityScorecard, in a statement.
"The data we uncovered clearly indicates that while some are improving their security postures, too many are leaving themselves dangerously exposed to risks and vulnerabilities, especially at the larger federal level."
The best performing government agencies were Clark County, Nevada, the US Bureau of Reclamation, and the Hennepin County Library in Minnesota, Reuters reported.
The government’s deficiencies when it comes to cybsersecurity have been highlighted often by President Obama, who wants lawmakers to allocate more money to the problem. A hack at the US Office of Personnel Management last year exposed the data of 21.5 million current and former government employees. Hackers were also able to gain access to the fingerprints of some 5.6 million fingerprint records.
Meanwhile, IRS Commissioner John Koskinen told Congress on Tuesday that the agency faces more than a million malicious hacking attempts against its network every day. The department also acknowledged that 1.2 million Americans were targeted in a breach of the IRS’ “Get Transcript” application, which allows users to access their tax history online.
To modernize the technology at various federal agencies, Obama has requested $3.1 billion from Congress, Reuters reported. Another $16 billion would be used for other cybersecurity improvements.