U.S. Agencies Failed to Heed Cybersecurity Warnings, GAO Says

December 17, 2020
Bloomberg

As details of the most audacious hack on the U.S. government in recent memory continued to stun lawmakers and the public, a government watchdog released a blistering report saying that federal agencies have failed to implement key safeguards for their information technology supply chains.

The report by the U.S. Government Accountability Office was completed in October but only made public on Tuesday in the wake of the recent attacks, which are believed to be the work of elite Russian hackers. It found that 14 out of the 23 surveyed federal agencies hadn’t implemented any of the “foundational practices” to protect their “information and communications technology” supply chains that were recommended in 2015 by a government standards group.

None of the agencies had implemented all the recommended changes. Among the agencies surveyed were several that were hacked by suspected Russian attackers: Commerce, Treasury and State.

Lawmakers who received a recent classified briefing on the attack indicate that it is among the most serious in recent years. Senator Richard Blumenthal, the Connecticut Democrat, said in a tweet Tuesday that the briefing left him “deeply alarmed, in fact downright scared.” Dick Durbin, the Senate’s second highest-ranking Democrat, said on CNN Wednesday that the hack was “virtually a declaration of war.”

The Office of Management and Budget required the agencies in 2016 to implement the recommendations, which were made by the National Institute of Standards and Technology, according to the GAO.

“Supply chains are being targeted by increasingly sophisticated threat actors, including foreign cyber threat nations such as Russia, China, Iran and North Korea,” the report states. “Attacks by such entities are often especially sophisticated and difficult to detect.” The report warns of hackers inserting a so-called ‘backdoor’ into the supply chain, which appears to be exactly what happened in the attack on federal agencies.

The report offers the first clues to a crucial question about the recent cyberattack: how did the U.S. government miss hackers in the computer networks of so many agencies?

Those hackers are believed to be tied to the Russian government, and they also breached the Department of Homeland Security and parts of the Pentagon, according to a person familiar with the matter. The hackers installed a malicious vulnerability, or backdoor, in a popular software product made by information technology provider SolarWinds Corp., whose customers include numerous U.S. government agencies and Fortune 500 companies, according to the company and cybersecurity experts.

It remains unclear what the hackers accessed, or how many agencies and other entities were successfully breached.

Representatives at GAO and OMB didn’t return a message seeking comment.

The GAO report also warned of the potentially dire consequences of a successful supply-chain attack.

“For example, threat actors could take control of federal information systems; decrease the availability of materials or services needed to develop systems; destroy systems, causing injury and loss of life, and compromising national security; or steal intellectual property and sensitive information,” the report says.

Federal agencies remain vulnerable to supply-chain attacks until they implement all the recommended changes, the GAO said. Until then, according to the report, “They will continue to be vulnerable to malicious actors that could exploit the ICT supply-chain risks to disrupt mission operations, cause harm to individuals or steal intellectual property.”
