The Senate subcommittee report said eight federal departments, including the Department of Homeland Security, have regularly failed to fix cybersecurity vulnerabilities flagged by inspectors general reports. File Photo by Michael Reynolds/UPI | License Photo
June 26 (UPI) -- Federal agencies have failed to address key weaknesses in their cybersecurity defenses, leading to hackings and data theft over the past decade, a Senate report said Wednesday.
The Senate Homeland Security and Governmental Affairs Committee's Permanent Subcommittee on Investigations released the report at the end of a 10-month investigation of the federal government's cybersecurity infrastructure. It based its findings on 10 years of reports from inspectors general.
The watchdog reports concerned eight federal agencies, including the Department of Homeland Security, the State Department, the Department of Transportation, the Department of Housing and Urban Development, the Department of Agriculture, the Department of Health and Human Services, the Department of Education and the Social Security Administration.
The subcommittee report detailed ways in which the personal information of government employees and average Americans, as well as vital information pertaining to national security have been left vulnerable by cybersecurity shortfalls.
The review found that:
-- Seven agencies failed to protect personally identifiable information.
-- Five agencies didn't keep an accurate list of information technology assets, meaning not all assets could be properly secured.
-- Six agencies failed to install security patches, allowing hackers to exploit vulnerabilities.
-- All agencies used older computer systems that are more difficult to secure.
Though inspectors general notified the departments of these vulnerabilities, the agencies failed to comply with recommendations.
"Given the sustained vulnerabilities identified by numerous Inspectors General, the Subcommittee finds that the federal government has not fully achieved its legislative mandate under [Federal Information Security Management Act] and is failing to implement basic cybersecurity standards necessary to protect America's sensitive data," the report said.