WASHINGTON, DC – Tens of millions of Americans are at the mercy of cyber-attacks because government agencies are failing to protect their information online.
A disturbing report released Tuesday shows your personal information may have been jeopardized by government system failures.
Some of the issues stretch back for years, allowing a hacker to possibly wreak havoc on millions of Americans.
A Senate subcommittee report exposes how eight government agencies failed to address cyber weaknesses identified by the inspector general – some more than a decade ago.
The Social Security Administration alone risked the information of more than 60 million Americans who receive benefits.
In addition, the report revealed that since 2011, the Education Department has been unable to prevent unauthorized devices from connecting to its network, giving hackers 90 seconds to access information. That's more than enough time for someone who knows what they're doing.
"It's critical for Washington to really clean up its own house," said Trevor Logan, a cyber researcher with the Foundation for Defense of Democracies.
"It's a huge attack vector that we're leaving ourselves vulnerable to for an adversary to respond," Logan said.
His concerns are echoed by Don Murdoch with the Institute for Cyber Security at Regent University in Virginia. Murdoch trains people in government and private companies to become cyber defenders – those who can recognize system vulnerabilities, expose a cyber attack, and stop it. He says the threat is real and growing.
"If you look at what's occurring globally, there are over 300 identified attack groups that have names or numbers that we know about that are operated by foreign service, foreign military, foreign intelligence services, criminal organizations," Murdoch said.
With ongoing tensions in the Middle East, officials believe Iran is taking the cyber attack strategy even further, using so-called cyber proxies against the US. Other likely countries include China and Russia.
The report mentions several recommendations to strengthen the cybersecurity of these government agencies. They include giving Chief Information Officers greater authority over decision making when it comes to cybersecurity. Those officials would also be required to regularly report their progress to agency heads and ultimately to Congress.