
This post was written 4 years ago, it may be out of date, my opinion might have changed, and/or the writing may be embarrassingly bad. Read with caution.

US Federal Government Cybersecurity is Lacking

Summer/2021 – 1 min read

A new report from a United States Senate Committee gave 24 US departments and agencies an average grade of C- in cybersecurity. That’s not good.


Making it worse, of the agencies evaluated in the 2019 report, only DHS made substantial improvements to their cybersecurity posture.

Root Cause?

Digging deeper into the report, the same key issues were highlighted time and time again.

Failing to identify IT assets, not addressing vulnerabilities, using unsupported systems, not including security in the process, and more.

These are definitely cybersecurity issues. But their root cause is poorly run IT systems and processes.

IT Practice

Running IT well at scale is hard.

Doing it while constrained by lowest-bid winners, long procurement, and chronic underfunding is damn near impossible.

The cybersecurity issues are largely a result of these constraints. Trying to mitigate them purely with cybersecurity controls and practice is akin to trying to carry water in a sieve.

It’s just not going to work.

Discussion

the US government recently released a report on the state of cybersecurity within the federal government.

overall, 24 departments and agencies averaged a C-

not good...some thoughts

🧵 #infosec #cybersecurity pic.twitter.com/IOifxoIkk5

— Mark Nunnikhoven (@marknca) August 4, 2021