Several Government Agencies Get D Grades for Cybersecurity in Damning Assessment

One would like to think that the government agencies in charge of storing some of our nation’s most sensitive information would employ the latest and most effective cybersecurity protocols available today. According to a recent report by the Senate Committee on Homeland Security and Governmental Affairs, though, this is sadly not the case. In this damning report, eight federal agencies were shown to have such poor cybersecurity that they received a D grade. Three other agencies, meanwhile, received a C grade, while only one agency – the Department of Homeland Security – was able to earn a B grade. 

“It is clear that the data entrusted to these eight key agencies remain at risk,” the report concluded. “As hackers, both state-sponsored and otherwise, become increasingly sophisticated and persistent, Congress and the executive branch cannot continue to allow PII and national security secrets to remain vulnerable.”

According to the report, the cybersecurity grades for each of the eight agencies that were analyzed is as follows:

• Department of Education – D
• Department of State – D
• Department of Transportation – D
• Social Security Administration – D
• Department of Health and Human Services – C
• Department of Agriculture – C
• Department of Housing and Urban Development – C
• Department of Homeland Security – B

One of the primary issues with the cybersecurity of these agencies per the report is the fact that they are still largely reliant on legacy systems that are expensive to maintain and difficult to properly secure. An update to a more modern IT infrastructure would almost certainly help bolster security. However, such an update does not yet appear to be anywhere on the horizon.

What makes this recent report even more concerning is the fact that it comes on the heels of a 2019 report which found that, in the decade spanning from 2008 to 2018, the same eight federal agencies failed to properly secure personally identifiable information, failed to install vendor-supplied security patches within an appropriate timeframe, and failed to maintain a list of all hardware and software used on agency networks. With the cyber realm quickly becoming the new field in which modern warfare is waged, such failings are certainly troubling, to say the least.