US govt urged to "build the wall" of cybersecurity
The International Association of IT Asset Management (IAITAM) has urged the Trump administration to "build the wall" protecting US taxpayers from external cyber threats and wasteful federal IT spending.
The IAITAM was responding to a new report from US Senators Tom Carper and Rob Portman finding that a number of federal agencies are failing to comply with even basic cybersecurity standards.
The report into the strength of information security standards at eight federal agencies uncovered a wide range of pervasive cybersecurity failures.
These include the use of outdated systems — including one approaching 50 years old — and lapses in routine maintenance of IT equipment, a failure to act on security vulnerabilities in a timely manner, as well as untracked hardware and software in use within agency networks.
These failures persisted for at least a 10-year period, spanning two administrations.
For example, the US Department of Education has been unable to prevent unauthorised outside devices from easily connecting to the agency’s network since 2011, and as of 2018 had only been able to restrict unauthorised access to 90 seconds.
The report also includes several recommendations for helping US agencies improve their cybersecurity posture.
These include requiring agencies to adopt the Office of Management and Budget's risk-based budgeting model for IT spending and to consolidate their security processes and capabilities into security operations centres, and ensuring that CIOs have the expertise and authority to make organisation-wide security decisions.
IAITAM CEO Dr Barbara Rembiesa said the findings align with a 2015 report from the association which concluded that at least half of the US$70 billion ($102.82 billion) to US$80 billion the US government spends per year on IT and IT security is wasted.
Inefficient procurement and spending leave federal agencies in greater danger of breaches, lost and stolen hardware, the use of outdated software, missing software patches and other cybersecurity dangers, the report found.
"You can't build the wall we need to protect taxpayers and sensitive federal data by wasting billions more dollars on random IT spending and cybersecurity measures that vary wildly from federal agency to federal agency," Rembiesa said.
"By focusing largely on hacks and other breaches, elected officials and agency administrators are failing to take a bottom-up approach to the purchase, control, inventory and proper destruction of such IT assets as software, computer hard drives and mobile devices."