U.S. Federal Agencies Score Terribly on Cybersecurity


The May 2018 Federal Information Technology Acquisition Reform Act (FITARA) scorecard reported dismal cybersecurity preparedness across U.S. federal agencies. The FITARA scorecard now includes a metric that grades each agency's cybersecurity posture, tied to its performance under the Federal Information Security Management Act (FISMA).

Of the 23 agencies graded on cybersecurity:
9 failed (grade F)
9 received a D
5 earned a C, the highest grade any agency achieved


The report also indicated that federal IT systems are increasingly obsolete, running outdated software and hardware. In at least one case an agency was still relying on systems more than 50 years old.

There is significant room for improvement. Until that improvement happens, U.S. federal infrastructure and services remain at significant risk from digital attacks.

The upside is that cybersecurity postures are now being measured consistently and reported publicly. It is hard to make headway without decent metrics, and quantifying the problem is a step in the right direction.

Watch the Congressional Committee on Oversight & Government Reform hearing in which the Subcommittee on Information Technology and the Subcommittee on Government Operations announce and discuss the latest results.

Ego Beyond Reality

It is easy to believe your organization is doing well when there are no credible audit results to the contrary. The FITARA report card should help federal agencies understand where they truly stand.

For example, it is hard to reconcile how the Department of Homeland Security can set out to train businesses on cybersecurity while scoring so poorly itself. Most recently, DHS received a D for cyber on the FITARA scorecard.

A realistic understanding of the landscape and the threats is necessary to manage risk properly. Knowing your deficiencies is a prerequisite for fixing them.

The May 2018 FITARA 6.0 Scorecard can be found here: https://oversight.house.gov/wp-content/uploads/2018/05/OGR-Scorecard-6.0-v2.pdf

Interested in more? Follow me on your favorite social sites for insights and what is going on in cybersecurity: LinkedIn, Twitter (@Matt_Rosenquist), YouTube, Information Security Strategy blog, Medium, and Steemit

Written by

Cybersecurity Strategist and CISO specializing in the evolution of threats, opportunities, and risks in pursuit of optimal security
