Key Issues > Cybersecurity Challenges Facing the Nation – High Risk Issue
information security icon, source: GAO

Cybersecurity Challenges Facing the Nation – High Risk Issue

The federal government needs to take urgent actions to protect federal systems, the nation’s critical infrastructure, and individual’s privacy and sensitive data from cyber threats.

  1. Share with Facebook 
  2. Share with Twitter 
  3. Share with LinkedIn 
  4. Share with mail 

Federal agencies and our nation’s critical infrastructure—such as energy, transportation systems, communications, and financial services—depend on IT systems to carry out operations and process essential data.

But the risks to these IT systems are increasing—including insider threats from witting or unwitting employees, escalating and emerging threats from around the globe, and the emergence of new and more destructive attacks. Rapid developments in new technologies, such as artificial intelligence, the Internet of Things, and ubiquitous Internet and cellular connectivity, can also introduce security issues. 

Over 35,000 security incidents were reported by federal executive branch civilian agencies to the Department of Homeland Security in fiscal year 2017.

Federal Information Security Incidents by Threat Vector Category, Fiscal Year 2017

Additionally, since many government IT systems contain vast amounts of personally identifiable information (PII), federal agencies must protect the confidentiality, integrity, and availability of this information—and effectively respond to data breaches and security incidents. Likewise, the trend in the private sector of collecting extensive and detailed information about individuals needs appropriate limits

To highlight the importance of these issues, GAO has designated information security as a government-wide high-risk area since 1997. This high-risk area was expanded in 2003 to include the protection of critical cyber infrastructure and, in 2015, to include protecting the privacy of PII.

Ten critical actions are needed to address four major cybersecurity challenges.

Ten Critical Actions Needed to Address Four Major Cybersecurity Challenges

GAO has made over 3,000 recommendations to federal agencies to address cybersecurity shortcomings—and about 700 have yet to be implemented. Until these shortcomings are addressed, federal IT systems and data will be increasingly susceptible to cyber threats.

Looking for our recommendations? Click on any report to find each associated recommendation and its current implementation status.

More Reports

More...

Podcasts

2015 Update to GAO's High Risk ListWednesday, February 11, 2015
  • portrait of Nick Marinos
    • Nick Marinos
    • Director, Information Technology and Cybersecurity
    • marinosn@gao.gov
    • (202) 512-9342
  • portrait of Gregory C. Wilshusen
    • Gregory C. Wilshusen
    • Director, Information Technology and Cybersecurity
    • wilshuseng@gao.gov
    • (202) 512-6244
  • portrait of Vijay D'Souza
    • Vijay D'Souza
    • Director, Information Technology and Cybersecurity
    • dsouzav@gao.gov
    • (202) 512-6769