
The U.S. government is worse at cybersecurity than just about everyone else

Looking for another reason to mistrust the government? Its shoddy cybersecurity practices may be just the ammunition you need. New data from security risk benchmarking startup SecurityScorecard suggests that when it comes to safe practices online, U.S. federal, state, and local government agencies rank dead last in comparison to 17 major private industries, including transportation, retail, and healthcare. The report examined the “overall security hygiene and security reaction time” of government institutions, paying special attention to NASA, the FBI, and the IRS, all of which were hacked earlier this year.

Topics of interest included vulnerability to malware infections, exposure rates of passwords, and susceptibility to social engineering, among other criteria.

The results were none too complimentary for our government. “Across all industries surveyed by SecurityScorecard,” the report notes, “U.S. government organizations received the lowest security scores. SecurityScorecard tracked 35 data breaches among all U.S. government organizations between April 2015 and April 2016.”

The biggest deficiencies were found in three security categories: Malware Infections, Network Security, and Software Patching Cadence. Shockingly, 90 percent of state organizations scored an “F” in Software Patching Cadence, and 80 percent received the same score in Network Security.

But the worst offender of all was NASA, which received the lowest score among all 600 U.S. government organizations surveyed. Joining the bottom feeders were the U.S. Department of State and the IT systems of Connecticut, Pennsylvania, and Washington.

The Obama administration has certainly made attempts to address the overarching insufficiency of cybersecurity practices currently in play across a range of agencies. President Obama has asked for $19 billion from Congress to improve tech defenses, including $3.1 billion to modernize the IT infrastructure at a number of federal agencies.

“With serious data breaches making headlines on what seems like a weekly basis, our team felt compelled to turn a spotlight on government agencies and determine which of them are demonstrating a commitment to securing their infrastructure and which are falling short,” said Dr. Luis Vargas, senior data scientist at SecurityScorecard. “The data we uncovered clearly indicates that while some are improving their security postures, too many are leaving themselves dangerously exposed to risks and vulnerabilities, especially at the larger federal level.”

Lulu Chang
Former Digital Trends Contributor