You’d think of any organization, the U.S. government would want to make sure its systems were secure. Guess it’s not doing that so well.
The President’s Council of Advisors on Science and Technology, otherwise known as PCAST, sent the president a letter entitled, “Immediate Opportunities for Strengthening the Nation’s Cyber Security.” In it, PCAST explained that the government needs to, “lead by example and improve its own processes to combat cyber threats.”
And PCAST doesn’t beat around the bush with its findings. The very first one listed in this report states, “The Federal Government rarely follows accepted best practices.” From here the group encourages the president to phase out the usage of any insecure operating systems. It specifically lists Windows XP as one of those operating systems needing the boot and instead recommends Mac OS, Windows, and Linux as a substitute. It further urges government IT departments to direct its employees to use updated browsers only.
It also says government employees should use automatically updating software.
While a lot of this seems incredibly basic, it’s a problem for companies in the private sector as well. As much as you want to hammer in security best practices, if your individual employees don’t follow the rules, your system is vulnerable. Because of this, PCAST also recommends that the government force any private sector company it regulates to be compliant with these security best practices. And, on top of that, PCAST suggests that (in a bit of a role reversal) the government provide private sectors with information about security incidents it experiences.
The report released today is not the full assessment of the government’s issues and needs. That report is classified and was delivered to the president in February. This one, however, has been stripped of some details to be consumed by the general public.
hat tip Ars Technica