According to a report by the Government Accountability Office, of 1,610 cybersecurity recommendations for federal agencies, approximately 570 remained unimplemented as of May 2024, hindering the government’s ability to protect sensitive systems, critical infrastructure and confidential data from hackers.
As of last month, government agencies had implemented 1,043 GAO recommendations issued since 2010 to address “challenge areas” related to protecting government systems, but 567 of those recommendations remain open.
“This increases the risk that the nation will be ill-prepared to respond to cyber threats that could cause serious harm to public safety, national security, the environment, and economic prosperity,” the GAO inspectors general said. paperThe watchdog group High Risk Series It focuses on programs that require rapid cost review, new management and transformation.
The audit, which has been underway since December, said the government needs to improve federal efforts, including strengthening data privacy, strengthening government-wide cyber implementation initiatives and reducing risks in the software supply chain.
The reasons why those recommendations have not yet been implemented vary by agency, Marisol Cruz-Cain, GAO’s director for IT and cybersecurity, said in a conference call with reporters ahead of the release of the findings.
In most cases, it comes down to legacy IT systems that are reliable for everyday agency operations, but no longer receive regular security updates pushed out by their manufacturers, increasing the potential for exploitation.
“This is a challenge that requires planning,” she says. “You need a budget. You need the right technology to replace very old technology with newer technology and make sure it works in your environment with all the other technology.”
Civilian agencies have faced a myriad of cyber threats over the past year, and the White House’s fiscal 2025 budget request could see a 10% increase in cybersecurity funding, though the final number could change as Congress considers spending bills in the coming months.
Federal agencies reported 32,211 cyber incidents to the Cybersecurity and Infrastructure Security Agency, up from 29,319 during the same period last year, and observed hacking attempts increased by nearly 10%, according to an OMB report released last week.