A new report points a finger at “insider threats” from federal workers on the government’s vast cyber and computer system, joining “foreign nations” as a danger to sensitive and classified information and even personal info.
The General Accountability Office also declared frustration with the Obama administration in its new report over its failure to implement 1,000 security fixes needed to close the door to hackers, inside and out.
While the review of U.S. cyber effectiveness was done before President Trump took office, it provides fresh evidence that both foreign actors and insiders are a hacking threat to government systems.
Trump and his White House have recently been the target of several top secret leaks, including those that led to the resignation of national security advisors Michael Flynn. Some reports today suggest insiders leaked the information to embarrass the new administration and show that Flynn lied about his conversations with Russian officials to Vice President Pence.
The GAO report, requested by Rep. Barbara Comstock, the northern Virginia Republican who represents thousands of federal workers, is blunt in its assessment of the threats to cybersecurity.
“Federal systems and networks are also often interconnected with other internal and external systems and networks including the Internet, thereby increasing the number of avenues of attack and expanding their attack surface,” said the report.
“Risks to cyber assets can originate from unintentional and intentional threats. These include insider threats from disaffected or careless employees and business partners, escalating and emerging threats from around the globe, the steady advances in the sophistication of attack technology, and the emergence of new and more destructive attacks,” it added, pointing a finger to federal insiders.
In testimony to Comstock’s subcommittee this week, Gregory Wilshusen, director of information security issues for GAO, hit the government for failing to act on 1,000 of 2,500 cybersecurity recommendations it has made over.
“Many agencies continue to be challenged in safeguarding their computers and information in part because many of these recommendations have not yet been implemented as of January 2017,” he said. “About 1,000 of our recommendations have not been implemented,” he added.
Paul Bedard, the Washington Examiner’s “Washington Secrets” columnist, can be contacted at [email protected]
