The Federal Communications Commission (FCC) has yet to fully address cyber-security risks in its systems, a newly published report from the United States Government Accountability Office (GAO) reveals.
In September 2019, GAO issued a report on the FCC’s cyber-security stance, making a total of 136 recommendations for improvements to be made to various systems. As of November 2019, the Commission had implemented 63% of these.
However, 7% of the recommendations were only partially implemented and 30% were not implemented at all as of November 2019, although the FCC is planning on fully implementing all recommendations by April 2021.
“Until FCC fully implements these recommendations and resolves the associated deficiencies, its information systems and information will remain at increased risk of misuse, improper disclosure or modification, and loss,” GAO notes in the newly published report (PDF).
GAO started looking into the FCC’s security posture after a surge of more than 22 million comments on net neutrality disrupted the Commission’s Electronic Comment Filing System (ECFS) in 2017, and discovered numerous deficiencies in core security functions.
The 136 recommendations were made to address issues related to “identifying risks, protecting systems from threats and vulnerabilities, detecting and responding to cyber security events, and recovering system operations.”
These deficiencies, GAO says, increased the risk of unauthorized disclosure or modification of sensitive information, and could also make such information unavailable when needed.
GAO reviewed three of the FCC’s systems and issued recommendations on addressing the discovered issues. As of November 2019, the FCC implemented 85 of the recommendations and partially implemented 10 of them, but had not started implementing 41 of the recommendations.
Analysis of the FCC’s systems revealed that the ..
Support the originator by clicking the read the rest link below.
