A July 21 report from the Environmental Protection Agency (EPA) Office of the Inspector General (OIG) prioritizes enhancing IT to combat cyberthreats as one of EPA’s top Fiscal Year 2020-2021 management challenges.
According to the OIG, the COVID-19 pandemic demonstrated an increased need for both a strong IT workforce and enhanced cybersecurity. As the agency adapted its network for a telework environment, IT employees became overtaxed trying to manage the changing landscape. Beyond the pandemic, however, EPA still needs better processes for overseeing information security, the report states.
“EPA continues to face a challenge in implementing a vigorous cybersecurity program that strengthens its network defenses and data security in a time of ever-increasing threats to Federal government networks,” the OIG wrote.
While EPA has developed extensive policies to address its cybersecurity struggles, auditors reported a decentralized implementation of those procedures. “A lack of centralized oversight and reporting prevents the Agency from realizing a fully implemented information security program capable of effectively managing the remediation of known and emerging security threats,” the report says.
To mitigate the cybersecurity concerns, the OIG recommends that EPA meet outstanding recommendations. A March 2020 OIG report, for example, recommended that EPA develop and maintain an up-to-date inventory of its software, ensure that personnel are creating required plans of action for addressing security weaknesses, and implement tech to support incident response.
Other top EPA management challenges that OIG noted include maintaining operations during the pandemic, complying with key internal control requirements, improving workforce analyses, and communicating environment risks to the general public.
