Federal agencies must step up cybersecurity: GAO

Federal agencies must do a better job securing internet-connected devices, among other cybersecurity measures, the U.S. Government Accountability Office said in a report issued Thursday.

The GAO said while it has made about 335 recommendations in public reports since 2010 on federal agencies’ and the nation’s critical infrastructure’s technology systems, about 190 of them were not fully implemented as of December.

“Federal agencies rely extensively on information and communications technology products and services to carry out their operations,” but “face numerous ICT supply chain risks, including threats posed by counterfeiters who may exploit vulnerabilities in the supply chain,” the report said.

Among other specific findings, the report said the Office of Management and Budget and the Department of Homeland Security have “partially addressed most of the key practices associated with effective reforms,” but have not established a dedicated implementation team or a government-wide implementation plan, among other practices.

The report also said quantum computing can potentially create major cybersecurity risks, and federal oversight considerations must evolve as artificial intelligence technologies advance.