Skip to main content
  1. Home
  2. Computing
  3. News

The U.S. government is worse at cybersecurity than just about everyone else

Lulu Chang
By

Cybersecurity Act of 2012 SECURE IT Act
Looking for another reason to mistrust the government? Its shoddy cybersecurity practices may be just the ammunition you need. New data from security risk benchmarking startup SecurityScorecard suggests that when it comes to safe practices online, U.S. federal, state, and local government agencies rank dead last in comparison to 17 major private industries, including transportation, retail, and healthcare. The report examined the “overall security hygiene and security reaction time” of government institutions, paying special attention to NASA, the FBI, and the IRS, all of which were hacked earlier this year.

Topics of interest included vulnerability to malware infections, exposure rates of passwords, and susceptibility to social engineering, among other criteria.

Related Videos

The results were none too complimentary for our government. “Across all industries surveyed by SecurityScorecard,” the report notes, “U.S. government organizations received the lowest security scores. SecurityScorecard tracked 35 data breaches among all U.S. government organizations between April 2015 and April 2016.”

The biggest deficiencies were found within three categories of security; Malware Infections, Network Security, and Software Patching Cadence. Shockingly, 90 percent of state organizations scored an “F” in Software Patching Cadence, and 80 percent received the same score in Network Security.

But the worst offender of all was NASA, who received the lowest score among all 600 U.S. government organizations surveyed. Joining the bottom feeders were the U.S. Department of State, and the IT systems of Connecticut, Pennsylvania, and Washington.

The Obama administration has certainly made attempts to address the overarching insufficiency of cybersecurity practices currently in play across a range of agencies. President Obama has asked for $19 billion from Congress to improve tech defenses, including $3.1 billion to modernize the IT infrastructure at a number of federal agencies.

“With serious data breaches making headlines on what seems like a weekly basis, our team felt compelled to turn a spotlight on government agencies and determine which of them are demonstrating a commitment to securing their infrastructure and which are falling short,” said Dr. Luis Vargas, senior data scientist at SecurityScorecard. “The data we uncovered clearly indicates that while some are improving their security postures, too many are leaving themselves dangerously exposed to risks and vulnerabilities, especially at the larger federal level.”

Editors' Recommendations

Topics
Europe just suffered its worst DDoS attack ever, but we don’t know why
A depiction of a hacker breaking into a system via the use of code.

A record-breaking distributed denial-of-service (DDoS) attack situated within Europe was attempted during July, a new report has confirmed, but the lack of details on the target leaves the motive undetermined.

The largest DDoS attack ever detected in European-based regions was revealed by cybersecurity and cloud service firm Akamai, who said the target was one of its own customers.

Read more
Alaska Airlines to offer digital baggage tags in U.S. first
Alaska Airlines' digital baggage tags.

As part of efforts to make its service more efficient, Alaska Airlines is to start offering some of its passengers digital baggage tags in what it claims is a first for U.S carriers.

This means that both Alaska Airlines passengers and check-in staff will no longer have to deal with traditional baggage tags, a move that will save not only paper but also everyone’s valuable time.

Read more
Intel’s mysterious gaming bus might hold a U.S. launch for Arc Alchemist
Intel's mobile gaming cafe.

Intel has just revealed that it will be bringing a gaming bus to LANfest, set to take place on September 30 in Colorado. The bus will arrive fully decked out with Intel hardware, including what seem to be the desktop versions of Intel Arc.

Given the delayed release of Intel Arc, this might be the first time we get to see the GPUs in action outside of China. Will Intel surprise us with an earlier release date?

Read more