New findings in bipartisan report released this week highlight how over half-dozen agencies failed to vulnerabilities in their IT infrastructure — with some weaknesses persisting for as long as a decade.
The report is the culmination of a 10-month probe by the Permanent Subcommittee on Investigations. The committee looked at 10 years of inspectors general reports on compliance with federal information security standards for the departments of Homeland Security, State, Transportation, Housing and Urban Development, Agriculture, Health and Human Services, Education and the Social Security Administration.
Among the key findings: seven agencies failed to protect personally-identifiable information, six agencies failed to patch their systems in a timely manner and five agencies lacked accurate and comprehensive IT asset inventories. Additionally, all eight agencies had legacy systems no longer supported by the vendors.
Some of the agencies’ unresolved cybersecurity shortcomings date back 10 years. DHS, for example, didn’t take steps to address IT security weaknesses for at least a decade. USDA had “reoccurring cybersecurity issues that have persisted for as long as 10 years,” and HHS has “longstanding cybersecurity weaknesses, including some identified nearly a decade ago,” according to the report.