Senate report slams federal agencies over cybersecurity failures

An investigation finds eight federal agencies failed to implement baseline cybersecurity practices, leaving Americans' data vulnerable.

Rae Hodge Former senior editor
Rae Hodge was a senior editor at CNET. She led CNET's coverage of privacy and cybersecurity tools from July 2019 to January 2023. As a data-driven investigative journalist on the software and services team, she reviewed VPNs, password managers, antivirus software, anti-surveillance methods and ethics in tech. Prior to joining CNET in 2019, Rae spent nearly a decade covering politics and protests for the AP, NPR, the BBC and other local and international outlets.
Rae Hodge
2 min read

Is the door locked?

Angela Lang/CNET

A Senate report out Tuesday called several federal agencies to the carpet for weak cybersecurity practices. Among other things, the 47-page report from the Homeland Security and Governmental Affairs Committee said seven of the eight federal agencies reviewed had failed to implement baseline cybersecurity practices to protect personally identifiable information, creating a significant privacy and security risk for Americans' data. 

The report also found that some agencies failed to install basic security updates and patches, while others were using unauthorized systems. Seven of the agencies were using legacy or outdated systems. 

"From SolarWinds to recent ransomware attacks against critical infrastructure, it's clear that cyberattacks are going to keep coming and it is unacceptable that our own federal agencies are not doing everything possible to safeguard America's data," said Republican Sen. Rob Portman, the ranking member of the committee.

The SolarWinds hack hit a number of federal agencies. Victims included high-level officials at the Department of Homeland Security, showing that not even the government agency in charge of defending the US from foreign hacks was immune from the growing threat of cyberattacks. The Biden administration recently unveiled several efforts to shore up cybersecurity practices across federal agencies, including an executive order and a $20 billion plan to secure the country's infrastructure against cyberattacks. 

The agencies reviewed in the bipartisan report include the Department of Homeland Security, the Department of State, the Department of Transportation, the Department of Housing and Urban Development, the Department of Agriculture, the Department of Health and Human Services, the Department of Education and the Social Security Administration.