Improving cybersecurity has become the key to better protecting critical infrastructure and meeting mission needs within the government space, but according to an official from the Government Accountability Office (GAO), Federal agencies still have a long way to go to be cyber-ready.
Kevin Walsh, director of Information Technology and Security at GAO, explained at a Jan. 11 event organized by GovExec that Federal agencies currently face four major cybersecurity challenges: establishing a comprehensive strategy and performing effective oversight; securing Federal systems and information; protecting critical cyber infrastructure; and protecting privacy and sensitive data.
To solve these challenges, agencies must focus on big issues including “training, that every and any corresponding cyber guidance is up to date, enabling multifactor identification, and more importantly move to a zero trust environment,” Walsh said.
Cybersecurity continues to be a critical challenge for the Federal government. A recent FISMA report from the Office of Management and Budget noted that in fiscal year (FY) 2020, agencies reported 30,819 cybersecurity incidents to the U.S. Computer Emergency Readiness Team.
Walsh said that incidents labeled as moderate/higher risk level could be attributed to a lack of proper cyber hygiene.
“Cyber hygiene is a critical tool we need to mitigate cyber incidents. The workforce is at the forefront of agency security. Clear communication within an agency about cyber processes and what not to do is the most important step agencies must take, but there is still work to be done in that arena,” Walsh said. “Federal agencies need to move with greater urgency to improve cybersecurity as the country faces grave and rapidly evolving threats.”
Walsh also said that agencies continue to face challenges only with mounting cyber threats, but also in setting up internal processes to classify and report cyber incidents. President Biden’s cyber executive order addresses standardizing Federal cybersecurity vulnerability and incident response procedures, vulnerability and incident detection, and investigative and remediation capabilities. However, Walsh said it’s still too early to tell if and how these and other new White House efforts may impact.
“I am hopeful, but I also remain cautiously optimistic. We have a lot of work to do to be cyber-ready and to do so, we need to send a clear message of just how important this issue is and get us all on the same page,” he said.