Many federal agencies not prepared to respond to cyber incidents: GAO

Many federal agencies are not fully prepared to respond to cybersecurity incidents, the U.S. General Accountability Office said in a report issued Monday.

The report says that while 23 federal agencies’ chief financial officers have made progress in cybersecurity incident response preparedness, 20 have not met requirements for investigation and remediation capabilities.

“Until the agencies implement all event logging requirements, the federal government’s ability to fully detect, investigate and remediate cyber threats will be constrained,” the report says.

“The emergence of increasingly sophisticated threats and the frequency of cyber incidents underscore the continuing and urgent need for effective information security,” says the report which cites the Solar Wind and Colonial Pipeline attacks.

It said there were three major incidents all involving personally identifiable information during fiscal year 2022 at the Departments of Agriculture, Education and the Treasury, which “highlight the federal government’s need to be fully prepared” to respond to cybersecurity incidents.

It said agencies describe the key challenges that hinder their abilities to fully respond to cyber security incidents as lack of staff, technical challenges and limitations in cyber threat information sharing.

The report recommends that the U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency’s director update the departments’ cybersecurity response playbooks, and makes recommendations for individual departments to follow.