Key Issues > Cybersecurity Challenges Facing the Nation – High Risk Issue
information security icon, source: GAO

Cybersecurity Challenges Facing the Nation – High Risk Issue

The federal government needs to take urgent actions to protect federal systems, the nation’s critical infrastructure, and individual’s privacy and sensitive data from cyber threats.

  1. Share with Facebook 
  2. Share with Twitter 
  3. Share with LinkedIn 
  4. Share with mail 

Federal agencies and our nation’s critical infrastructure—such as energy, transportation systems, communications, and financial services—depend on IT systems to carry out operations and process essential data.

But the risks to these IT systems are increasing—including insider threats from witting or unwitting employees, escalating and emerging threats from around the globe, and the emergence of new and more destructive attacks. Rapid developments in new technologies, such as artificial intelligence, the Internet of Things, and ubiquitous Internet and cellular connectivity, can also introduce security issues. 

Over 28,000 security incidents were reported by federal executive branch civilian agencies to the Department of Homeland Security in fiscal year 2019.

Additionally, since many government IT systems contain vast amounts of personally identifiable information (PII), federal agencies must protect the confidentiality, integrity, and availability of this information—and effectively respond to data breaches and security incidents. Likewise, the trend in the private sector of collecting extensive and detailed information about individuals needs appropriate limits

To highlight the importance of these issues, GAO has designated information security as a government-wide high-risk area since 1997. This high-risk area was expanded in 2003 to include the protection of critical cyber infrastructure and, in 2015, to include protecting the privacy of PII.

Ten critical actions are needed to address four major cybersecurity challenges.

GAO has made over 3,000 recommendations to federal agencies to address cybersecurity shortcomings—and we reported about 600 had not been fully implemented as of early September 2020. Of these nearly 600 recommendations, we designated 75 as priority recommendations, meaning that we believe these recommendations warrant priority attention from heads of key departments and agencies. Until these shortcomings are addressed, federal IT systems and data will be increasingly susceptible to cyber threats.

Looking for our recommendations? Click on any report to find each associated recommendation and its current implementation status.

More Reports



Election SecurityThursday, February 6, 2020
  • portrait of Vijay D'Souza
    • Vijay D'Souza
    • Director, Information Technology and Cybersecurity
    • (202) 512-6240
  • portrait of Nick Marinos
    • Nick Marinos
    • Director, Information Technology and Cybersecurity
    • (202) 512-9342
  • portrait of Jennifer R. Franks
    • Jennifer R. Franks
    • Director, Information Technology and Cybersecurity
    • 404-679-1831