Thanks to efforts from the Department of Homeland Security’s Computer Emergency Readiness Team, today’s cyber intelligence is more robust than ever. Among private-sector security professionals, the CERT team is considered a leading source of information regarding cyber threats and defense strategies. However, despite CERT leading the charge on cyber security, many federal agencies are lagging behind when it comes to protecting their assets.
This is not merely a matter of opinion. In September 2017 the Government Accountability Office conducted an in-depth study of federal agencies and found persistent weaknesses in cyber security practices. This is despite the security innovations of the last decade. Agencies’ struggles with cyber security places the United States at risk. The significant areas of risk GAO found included the following:
Weak access controls. Digital or physical access controls prevent unauthorized access to data or other sensitive resources and include boundary protection, user ID/authentication, authorization, encryption, log audits/monitoring and physical security. According to GAO, 24 federal agencies had glaring weaknesses in these at least one of these areas. and 516 access control weaknesses were identified. Continue reading on GCN.