Personnel Office Not the Worst in Terms of Lax Cybersecurity

The federal government has for years failed to take basic steps to protect its data from hackers and thieves, putting at risk everything from nuclear secrets to the private tax information of hundreds of millions of Americans, records show.

In the latest example, the Office of Personnel Management is under fire for allowing its databases to be plundered by suspected Chinese cyberspies in what is being called one of the worst breaches in U.S. history. OPM repeatedly neglected to implement basic cybersecurity protections, its internal watchdog told Congress.

But the departments of Treasury, Transportation, State and Health and Human Services have significantly worse records, according to the most recent administration report to Congress under the Federal Information Security Management Act. Each of those agencies has been hacked in the last few years.

"Last year, across government, we the American people spent almost $80 billion on information technology, and it stinks," said Rep. Jason Chaffetz, R-Utah, chairman of the House Oversight and Government Reform Committee. "It doesn't work."

On Wednesday, Senate Majority Leader Mitch McConnell called the state of federal cybersecurity "alarming" and "scary."

Congress can hardly escape all blame. While President Barack Obama's latest budget plan called for a $14 billion increase for cyberdefenses, the House proposed a budget in March that didn't include specific funding for cybersecurity. Nor has Congress imposed much accountability on agencies that suffer breaches.

The security lapses have persisted even as cyberattacks on government networks have increased. The federal government dealt with 67,196 cyber incidents in the last fiscal year, up from 57,971 incidents the year before, according to the White House report card, which was published in February. Missing from that document is an accounting of how many hacks were successful and what was stolen.

It's not a new problem. The Government Accountability Office has labeled federal information security a "high-risk...

Comments are closed.