Federal agencies responsible for safeguarding millions of Americans' security, public safety and personal data have failed to apply even basic defenses to cyberattacks, Senate investigators said Tuesday.
The alarming warning comes after a 10-month review of 10 years of inspector general's reports by the Permanent Subcommittee on Investigations of the Senate Homeland Security Committee, NBC News reported.
The 99-page report accuses eight critical agencies, including the Department of Homeland Security, the State Department and the Social Security Administration, of:
- Having relied on outdated systems — at least one of them almost 50 years old.
- Having neglected to keep track of hardware and software.
- Having failed to apply mandatory security patches.
- Having ignored well-known threats and weaknesses, in some cases for more than a decade.
The failures worsened even as the number of cyberincidents reported by federal agencies exploded from about 5,500 in 2006 to more than 77,000 in 2015, a 13-fold increase, investigators said. Reported incidents dropped by 56 percent in 2017, they said, but only because the rules changed to allow agencies to report fewer kinds of attacks, including hostile network scans and probes.