trending Market Intelligence /marketintelligence/en/news-insights/trending/mqdfmiwtygyh9xfbyj5tnq2 content esgSubNav
In This List

White House report reveals cybersecurity gaps among federal agencies

Blog

Broadcast deal market recap 2021

Blog

Volume of Investment Research Reports on Inflation Increased in Q4 2021

Blog

Price wars in India: Disney+ Hotstar vs. Amazon Prime Video vs. Netflix

Blog

Using ESG Analysis to Support a Sustainable Future


White House report reveals cybersecurity gaps among federal agencies

A government-wide review examining the security of federal agencies found that a majority of the agencies have cybersecurity programs that are not equipped to detect and handle cyberattacks.

The report, released by the White House Office of Management and Budget, examined 96 agencies and found that 71 relied on cyber programs deemed "at risk or high risk." Specifically, 12 agencies had "high risk" programs, meaning key cybersecurity tools were either not in place or not deployed sufficiently. Fifty-nine agencies had "at risk" programs, which means some essential policies were in place to combat cybersecurity risk, but significant gaps exist.

The remaining 25 agencies had "managing risk" programs, or those that instituted the required policies and tools to actively manage cybersecurity risks.

Two major areas of risk within the agencies include shortages of experienced cybersecurity personnel and the high costs associated with modernizing information technology capabilities, the report said.

In addition, federal agencies possess neither robust risk management programs nor consistent methods for notifying leadership of cybersecurity risks across the agency, it said. It noted that in contrast to federal agencies' approach to transparency and accountability, the Securities and Exchange Commission requires publicly traded companies to file quarterly and annual reports to inform shareholders of risks, including cybersecurity risks.

"Federal agencies would benefit from a similar process that tracks quarterly performance against strategic performance targets, communicates the resulting risks to stakeholders, and provides a sense of the return on investment for cybersecurity protections over time," the report said.

While the report did not identify the agencies, it outlined four recommendations to help the agencies better guard themselves against digital threats.

The recommendations include the use of a set framework across agencies to identify and categorize cybersecurity risks; the standardization of various cybersecurity tools to better control costs; the consolidation of the teams within agencies that respond to cybersecurity threats; and the increased accountability and transparency for top agency officials.

The review was commissioned last year under President Donald Trump's executive order on strengthening the cybersecurity of federal networks and critical infrastructure.

The administration recently eliminated its cyber policy adviser role, a key position aimed at facilitating the government's overall approach to cybersecurity policy and digital warfare.

The news came shortly after Rob Joyce, the latest official to hold the cybersecurity coordinator role, left the White House to return to the National Security Agency.