08/03/2021 | Press release | Distributed by Public on 08/03/2021 08:14
WASHINGTON, DC - Today, U.S. Senators Rob Portman (R-OH) and Gary Peters (D-MI), the Ranking Member and Chairman of the Senate Homeland Security and Governmental Affairs Committee, released a new bipartisan report reviewing cybersecurity at eight federal agencies and documenting the continued failure of seven of those agencies to comply with the baseline cybersecurity requirements in the Federal Information Security Modernization Act (FISMA) and safeguard America's data. The report, titled Federal Cybersecurity: America's Data Still at Risk, shows that, two years after Portman's bipartisan 2019 report on federal agency cybersecurity, which he released as then-Chairman of the Permanent Subcommittee on Investigations (PSI), there are still systemic failures to safeguard American data at the Department of State; the Department of Transportation; the Department of Housing and Urban Development; the Department of Agriculture; the Department of Health and Human Services; the Department of Education; and the Social Security Administration. These include failures to protect personally identifiable information adequately, to maintain accurate and comprehensive IT asset inventories, to maintain current authorizations to operate for information systems, to install security patches quickly, and to retire legacy technology no longer supported by the vendor.
The Portman-Peters report follows Portman's bipartisan 2019 report on federal agency cybersecurity. It reviews FY 2020 Inspectors General reports on compliance with federal information security standards and finds that seven federal agencies still have not met the basic cybersecurity standards necessary to protect America's sensitive data. In fact, the Inspectors General identified many of the same issues that have plagued federal agencies for more than a decade. The report makes specific recommendations to shore up federal agency cybersecurity and address these vulnerabilities. The report also includes a cybersecurity report card for all the cabinet departments and the largest independent agencies; the average grade of the large federal agencies' overall information security maturity was a C-.
'From SolarWinds to recent ransomware attacks against critical infrastructure, it's clear that cyberattacks are going to keep coming and it is unacceptable that our own federal agencies are not doing everything possible to safeguard America's data,' said Senator Portman. 'This report shows a sustained failure to address cybersecurity vulnerabilities at our federal agencies, a failure that leaves national security and sensitive personal information open to theft and damage by increasingly sophisticated hackers. I am concerned that many of these vulnerabilities have been outstanding for the better part of a decade - the American people deserve better. In the coming months, I will be introducing legislation to address the recommendations raised in this report so that America's data is protected. This report makes it clear that the Biden administration must also ensure there is a single point of accountability for federal cybersecurity to oversee the implementation of our recommendations and address these cybersecurity failures.'
'Shortcomings in federal cybersecurity allow cybercriminals to access Americans' personal information, which not only compromises our national security - but risks the livelihoods of people in Michigan and across the country. This report has identified an urgent need to further strengthen cybersecurity defenses at federal agencies and protect this sensitive data,' said Senator Peters. 'Through the American Rescue Plan, I was able to help secure vital resources to modernize and safeguard information systems critical to the federal pandemic response - but there's more work to be done. As Chairman of the Homeland Security and Governmental Affairs Committee, I will continue working with the Administration and Ranking Member Portman to secure federal IT systems and ensure that federal agencies are taking necessary steps to prevent Americans' valuable information from being stolen.'
The report's key findings include:
The report makes the following recommendations:
NOTE: The bipartisan Portman-Peters report follows Senator Portman's bipartisan June 2019 report examining eight key federal agencies. During that investigation, PSI reviewed ten years of Inspectors General reports on compliance with federal information security standards for: (1) the Department of Homeland Security; (2) the Department of State; (3) the Department of Transportation; (4) the Department of Housing and Urban Development; (5) the Department of Agriculture; (6) the Department of Health and Human Services; (7) the Department of Education; and (8) the Social Security Administration. The 2019 report details how each of these agencies failed to comply with basic cybersecurity protocols and includes a number of recommendations to address those failures.
###