The Government's Lagging Cybersecurity

When thinking about the places that our most sensitive information is housed, your mind probably goes to one of a few places.  First, there’s the healthcare industry, where some of our most intimate data resides.  Next might be tech giants like Google and Facebook that have their finger on the pulse of everything we do online.  There’s also certainly the government, which has been keeping tabs on us since the day we were born.

While data breaches in tech and healthcare have certainly grabbed headlines, it seems that many government agencies are woefully unprepared regarding their cybersecurity.  The Senate’s Homeland Security and Government Affairs Committee recently published a report after reviewing 10 years of agency reports, finding that agencies were consistently underperforming, often neglecting to install security patches in their most important software.  This are even vulnerabilities at Homeland Security, which is supposed to be overseeing the government’s cybersecurity posture, and as many as 76 high-risk and 500 medium-risk vulnerabilities in networks at the State Department.

The report summed up a number of issues, noting that many have been occurring for years.  And not only have issues been present for years, but the software agencies are running has been around for years as well.  In the last four years agencies have been running unsupported operating systems like Windows XP and Windows 2003.

This is a big deal because government agencies are a frequent target when it comes to cyber-attacks.  2017 alone saw 35,000 events reported to Homeland Security.  Despite mandates for federal agencies to improve their technology, many agencies are still falling short on simple requirements, like maintaining a list of the applications they’re using.

The committee summarized by giving these nine recommendations to improve the state of security:

  • Implement risk-based budgeting

  • Consolidate security processes and capabilities

  • Ensure full authority on cybersecurity for CIOs

  • Confirm CIOs are reporting on information security to agency heads

  • Prioritize cybersecurity hiring

  • Conduct regular in-person cybersecurity reviews

  • More thoroughly vet new shared services

  • Include cybersecurity progress reports in annual budget submissions

  • Create cybersecurity remediation task dashboards to be shared with Congress

At Extract, we know that sensitive information resides in many documents, and not just the ones living on internal government networks.  That’s why we’ve worked with 400 state and local governments to redact sensitive information on documents like court filings and land records.  Rather than having employees manually search through documents, our software reads them like a human would, identifies sensitive information, and permanently conceals it.  If you’d like to learn more about how we do this, please reach out today.

About the Author: Chris Mack

Chris is a Marketing Manager at Extract with experience in product development, data analysis, and both traditional and digital marketing.  Chris received his bachelor’s degree in English from Bucknell University and has an MBA from the University of Notre Dame.  A passionate marketer, Chris strives to make complex ideas more accessible to those around him in a compelling way.