Government still failing to protect IT systems
- By Derek Major
- Apr 18, 2016
Federal, state and local government agencies all rank dead last in cybersecurity health when compared to 17 major private industries, such as education, construction, food and technology.
SecurityScorecard, which conducted the analysis, measured the security performance of government across 10 categories including application security, network security and password exposure.
Government agencies found to have the weakest security systems include NASA and the State Department and the states of Pennsylvania, Connecticut and Washington.
Although government agencies have struggled with protecting systems for years, there have been some particularly significant hacks and breaches lately that have leaked personal and sensitive information. The report tracked 35 breaches at the local, state and federal levels of government in the last year and performed detailed analysis on those at NASA, the FBI and the IRS, which suffered breaches early in 2016.
The report offers recommendations for improving security, such as monitoring common vulnerabilities, exposures lists and vulnerability repositories for code that could exploit an infrastructure; investigating devices connected to the identified IP addresses; checking for evidence of malware infection; and ensuring that all Internet-facing services are updated to latest versions.
Those organizations with the top security postures include the Architect of the Capitol, the Bureau of Reclamation and Clark County, Nev., which received high scores in application security, DNS health, password exposure and endpoint security.
Read the full report here.
Derek Major is a former reporter for GCN.