The U.S. Government Accountability Office (GAO) has issued a report complaining that that federal agencies have not implemented one-third of the cybersecurity recommendations that it has issued since 2010.
In the new report titled “Urgent Actions Needed to Address Cybersecurity Challenges Facing the Nation
,” the GAO stated that put forth more than 3,000 cybersecurity-related recommendations over the past eight years, but 1,000 were still not implemented as of last month. The GAO also noted that 31 of 35 priority recommendations it raised were not addressed. Among the federal agencies that have ignored the GAO, according to the report, are the Securities and Exchange Commission, Internal Revenue Service and Federal Deposit Insurance Corp.
“The federal government needs to implement a more comprehensive cybersecurity strategy and improve its oversight, including maintaining a qualified cybersecurity workforce; address security weaknesses in federal systems and information and enhance cyber incident response efforts; bolster the protection of cyber critical infrastructure; and prioritize efforts to protect individual’s privacy and PII,” said the report, with the latter acronym referring to personally identifiable information. “Until our recommendations are addressed and actions are taken to address the four challenges we identified, the federal government, the national critical infrastructure, and the personal information of U.S. citizens will be increasingly susceptible to the multitude of cyber-related threats that exist.”