“The Government Accountability Office released its biennial list of high-risk government programs. Federal IT and cybersecurity issues remained on the list, with the latter getting worse since the last report.
‘Our overall conclusion is that there’s been limited progress in the majority of the high-risk areas,’ Comptroller General Gene Dodaro, who leads GAO, said Tuesday in a House Oversight and Reform hearing…”
“While 2020 was a tough year for federal cybersecurity—from relatively minor breaches to one of the largest hacking campaigns in history—government efforts remained steady for four out of five metrics. Cybersecurity efforts stayed flat at ‘partially met’ for demonstrated progress, monitoring, action plan and capacity.
However, GAO docked the previous administration under ‘leadership commitment,’ citing the ‘elimination of the White House cybersecurity coordinator position in May 2018.’ That metric fell from ‘met’ to ‘partially met.’…”
“‘In our report, we talk about the weaknesses in the IT supply chain, which was one of the problems that led to the SolarWinds attack,’ Dodaro said, putting IT supply chain on the same level as leadership issues. ‘We made 145 recommendations to agencies to implement better practices to manage their IT supply chains—that goes to the heart of the SolarWinds incident.’…”
“While IT supply chain is a significant cybersecurity issue, acquisition of new technologies and maintenance of expensive, aging legacy systems continues to be its own category on the list…”
“‘Of the 10 agencies responsible for these legacy systems, seven agencies had documented plans for modernizing the systems,’ the report states. ‘However, most lacked the key elements identified in best practices—milestones, a description of the work necessary to complete the modernization and a plan for the disposition of the legacy system. The remaining three agencies did not have documented modernization plans.’…”
Source: Cybersecurity and IT Remain Top Concerns on GAO’s High-Risk List – By Aaron Boyd, March 2, 2021. Nextgov.