The Government Accountability Office released a report Tuesday concluding critical federal information systems are “not sufficiently protected to consistently thwart cyber threats,” which are “evolving and growing.”
According to the GAO, a majority of those threats come in the form of unauthorized access and improper use, from people who fall into several categories: Foreign spies, thieves, hackers, “hacktivists”—people who engage in “politically motivated” attacks on the Web to “send a political message”—terrorists and, “disgruntled insiders.”
Reported incidents of attempted and successful security breaches have more than tripled since 2006, to more than 16,000, all while the GAO has, over the last several years, submitted “hundreds of recommendations to [federal] agencies…to fully implement information security programs.”
The failure to completely enact those security programs has left 20 “major agencies” with “inadequate information system controls over financial systems,” according to the report. The GAO also cited cybersecurity “vulnerabilities” at the Tennessee Valley Authority, which controls more than 50 nuclear, hydroelectric and fossil fuel power plants, and the Los Alamos National Laboratory, one of the US’s nuclear weapons research sites.
Last month, Senators John Rockefeller (D-W. Va.) and Olympia Snowe (R-Maine) introduced a bill that would give the President and the Secretary of Commerce broad powers to shut down internet traffic in the case of a cyber threat. Without such action, Snowe said the US would risk experiencing a “cyber-Katrina.” The bill, the Cybersecurity Act of 2009, was referred to the Senate Committee on Commerce, Science and Transportation, which has yet to vote on it.