Access controls fall short in most agencies
- By William Jackson
- Sep 19, 2014
If access control is the front line of cyber defense, federal agencies are in a vulnerable position, according to the Government Accountability Office. All 24 of the major executive branch agencies evaluated by the GAO had weaknesses in access control in fiscal 2011, the latest year for such an evaluation.
GAO analyzed inspector general and other reports to identify weaknesses in five critical areas of security controls, including configuration management, segregation of duties, continuity of operations planning and information security programs.
Most agencies showed weaknesses in all of these areas, but access control was the only area in which all agencies were lacking. Consistent shortfalls such as this are one reason information security has been designated a high-risk area by GAO since before the turn of this century.
The weaknesses persist despite the attention to cybersecurity of several successive administrations, according to the GAO, which identified seven significant challenges to enhancing federal cybersecurity and the nation’s critical infrastructure:
- Implementing actions recommended by the president’s cybersecurity policy review
- Updating the national strategy for securing the information and communications infrastructure
- Reassessing the Department of Homeland Security’s planning approach to critical infrastructure protection
- Strengthening public-private partnerships, particularly for information sharing
- Enhancing the national capability for cyber warning and analysis
- Addressing global aspects of cybersecurity and governance
- Securing the modernized electricity grid, referred to as the smart grid.
William Jackson is a Maryland-based freelance writer.