Cybersecurity
An overview of cyber challenges facing the nation, and actions needed to address them.
Federal agencies and our nation’s critical infrastructure—such as energy, transportation systems, communications, and financial services—depend on IT systems to carry out operations and process essential data. The security of these systems and data is vital to protecting individual privacy and national security.
However, risks to IT systems are increasing—in particular, malicious actors are becoming more willing and able to carry out cyberattacks. Additionally, there has been an increase in most types of cyberattacks across the United States, and the cost of these attacks is also increasing.
Figure: Most Common Types of Cybersecurity Incidents in the U.S. (dollars in millions)
Additionally, since many government IT systems contain vast amounts of personally identifiable information (PII), federal agencies must protect the confidentiality, integrity, and availability of this information—and effectively respond to data breaches and security incidents. Likewise, the trend in the private sector of collecting extensive and detailed information about individuals needs appropriate limits.
To highlight the importance of these issues, GAO has designated information security as a government-wide high-risk area since 1997. This high-risk area was expanded in 2003 to include the protection of critical cyber infrastructure and, in 2015, to include protecting the privacy of PII.
Ten critical actions needed to address four major cybersecurity challenges
GAO has made over 4,000 recommendations to federal agencies to address cybersecurity shortcomings. However, over 880 of these had not been fully implemented as of December 2022. Of these, we designated 134 as priority recommendations, meaning that we believe they warrant priority attention from heads of key departments and agencies. Until these shortcomings are addressed, federal and critical infrastructure IT systems will be increasingly susceptible to cyber threats.
For more on GAO's reports and recommendations, see the key reports below.
Cybersecurity High-Risk Series: Challenges in Protecting Privacy and Sensitive Data
Cybersecurity High-Risk Series: Challenges in Protecting Cyber Critical Infrastructure
Cybersecurity High-Risk Series: Challenges in Securing Federal Systems and Information
Cybersecurity High-Risk Series: Challenges in Establishing a Comprehensive Cybersecurity Strategy and Performing Effective Oversight
Offshore Oil and Gas: Strategy Urgently Needed to Address Cybersecurity Risks to Infrastructure
Cybersecurity: Kick-Starting the Office of the National Cyber Director
Ransomware: Federal Agencies Provide Useful Assistance but Can Improve Collaboration
Cybersecurity Workforce: Actions Needed to Improve Cybercorps Scholarship for Service Program
Privacy: Dedicated Leadership Can Improve Programs and Address Challenges
Critical Infrastructure Protection: Agencies Need to Assess Adoption of Cybersecurity Guidance
Cybersecurity: Federal Response to SolarWinds and Microsoft Exchange Incidents
Privacy: Federal Financial Regulators Should Take Additional Actions to Enhance Their Protection of Personal Information