GAO audit finds federal networks still vulnerable to attack

It has been an embarrassing year for the U.S. government, at least as far as network security goes. Various government agencies have revealed massive data breaches, including the IRS, which left hundreds of thousands of tax payers vulnerable, and the Office of Personnel Management, which had data on millions of federal workers compromised. Agencies have vowed to increase their network security as a result, but a new audit reveals that many still remain vulnerable.

The Government Accountability Office (GAO) released an audit yesterday, saying it found "persistent weaknesses" across two dozen federal agencies. These weaknesses include subpar methods for preventing hackers from accessing a network, identifying when a hack has taken place, and dealing with any cyberattacks.

This isn't the first such audit performed by the GAO; in the past, it has provided information to agencies on steps that need to be taken to fix so-called "deficiencies" in their systems. According to the latest report, "many of these recommendations remain unimplemented." The OPM had previously been criticized for reportedly failing to implement such recommendations.

The processes to implement the needed risk management policies were cited as the common source of weakness among many federal agencies. According to The Hill, Senator Tom Carper said the Federal Information Technology Acquisition Reform Act and Federal Information Security Act have both been updated since the audit took place.

SOURE: The Hill