A Senate report out Tuesday called several federal agencies to the carpet for weak cybersecurity practices. Among other things, the 47-page report from the Homeland Security and Governmental Affairs Committee said seven of the eight federal agencies reviewed had failed to implement baseline cybersecurity practices to protect personally identifiable information, creating a significant privacy and security risk for Americans' data.
The report also found that some agencies failed to install basic security updates and patches, while others were using unauthorized systems. Seven of the agencies were using legacy or outdated systems.
"From SolarWinds to recent ransomware attacks against critical infrastructure, it's clear that cyberattacks are going to keep coming and it is unacceptable that our own federal agencies are not doing everything possible to safeguard America's data," said Republican Sen. Rob Portman, the ranking member of the committee.
The SolarWinds hack hit a number of federal agencies. Victims included high-level officials at the Department of Homeland Security, showing that not even the government agency in charge of defending the US from foreign hacks was immune from the growing threat of cyberattacks. The Biden administration recently unveiled several efforts to shore up cybersecurity practices across federal agencies, including an executive order and a $20 billion plan to secure the country's infrastructure against cyberattacks.
The agencies reviewed in the bipartisan report include the Department of Homeland Security, the Department of State, the Department of Transportation, the Department of Housing and Urban Development, the Department of Agriculture, the Department of Health and Human Services, the Department of Education and the Social Security Administration.