GAO’s 2010 Cybersecurity Recommendations Are Still Unimplemented
For those of you who may not be up to speed on the latest in government cybersecurity, let’s catch you up: back in 2010, the Government Accountability Office (GAO) issued a report with 25 recommendations for improving federal agencies’ cybersecurity posture. And yet, here we are over a decade later, and most of those recommendations remain unimplemented.
In other words, we’re still vulnerable to some pretty serious cyber threats. This is obviously a problem that needs to be fixed – and fast. Without proper cybersecurity risk management for federal government contractors, government systems and data will be vulnerable to attack. The Government Accountability Office (GAO) has emphasized the urgency, but not everybody seems to be paying attention.
They were warning us about the risks 13 years ago, and they’re warning us about them now. It’s time to get right with the GAO.
Here Are the Main Takeaways From the GAO's 2010 Report
These are the basics, the minimums, the brass tacks. If you can’t do these, then you need help.
Risk Management
The GAO recommends evaluating and managing cyber risks on a continual basis, using effective risk management policies and procedures. This means that every contractor and agency has to put in place a process to deal with vulnerabilities, both planning for threats and regularly monitoring for them, so nothing gets overlooked.
It also means establishing clear authorization protocols and putting rigorous encryption measures in place so that each person's access to systems and data remains secure. By paying attention to the overall architecture of their networks, alongside people-oriented security practices such as policies and training programs, contracting organizations can protect everyone involved, from developers to company executives, and avoid potential cyber disasters down the line.
Information Security
The GAO's recommendations for improving agency systems included IT practices such as changing passwords regularly and transferring information securely within networks. This means that for government contractors, information security must go beyond just encrypting sensitive data and also include educating personnel on safe cyber habits, such as following secure connection procedures and implementing best-practice policies.
Incident Response and Management
Incident Response and Management (IRM) is designed to help organizations identify and respond to cyber threats, such as data breaches, malware, or other malicious attacks. Through IRM, government contractors can adopt measures to protect their systems from attack, detect incidents when they occur, and respond quickly and effectively to limit the harm done.
IRM also covers recovering from any loss caused by a security incident and ensuring that adequate steps are taken to prevent similar incidents from taking place in the future.
Continuity of Operations
Continuity of Operations (COOP) is essential to prepare for and respond to threats, outages and other events that can stop the flow of operations. It involves creating a plan of action across all key areas of the business in order to keep your operations running as smoothly as possible. The idea is that when any disruption occurs, you stay resilient so you can manage it with minimal downtime. That's why it's so concerning that the GAO's 2010 cybersecurity recommendations are still largely unimplemented, leaving government contractors vulnerable.
Okay, Now Execute
You know what the recommendations are, but now it's time to implement them. All the recommendations in the world don't mean a thing if you can't execute them. If those recommendations are too heavy for your GovCon to lift, then you might want to consider getting some help. If you still insist on soldiering on by yourself, here are some tips, along with the challenges you can expect.
- Get the Right People Involved: Ensure that you have the right people in place to implement and manage security measures across your organization, from IT personnel to developers and executives.
- Educate Yourself and Your Team: You’ll need to stay up-to-date on the latest trends and best practices of cyber security. Make sure to also train your personnel on issues related to cybersecurity, such as recognizing and responding to threats.
- Build a Comprehensive Plan: Create a plan of action that covers all aspects of cybersecurity in your organization, from risk management and information security to incident response and continuity of operations.
- Monitor Your System Regularly: Monitor your system to ensure that any threats or vulnerabilities are identified and addressed in a timely manner.
- Test Your System: Regularly test the security of your system, both internally and externally, to make sure your security measures are current and actually working.
- Prepare for Disaster: Make sure you have the resources and processes in place to respond to any security breach or disaster quickly.
By following these steps, not only will you be taking proactive measures to protect yourself against potential cyber threats and disasters, but you’ll also be ensuring that your organization is prepared for whatever comes next.
And It’s Only Going to Get Worse
The rapid developments in new technologies, such as artificial intelligence, the Internet of Things, and ubiquitous Internet and cellular connectivity, are guaranteed to introduce new security issues.
The Department of Justice (DOJ) has also launched a cybersecurity enforcement initiative that is targeting federal contractors, which highlights the need for these contractors to be vigilant about their cybersecurity posture. The new guidelines put in place for federal agencies also include a requirement for an agency to report a major incident within one hour of its occurrence.
Let’s ask the question again: are you ready for all that?
If not, that's okay. BOOST is here to help. With our network of GovCon partners, we can provide a referral to a trusted organization that can assist you.
Don’t Be Afraid to Bring in Some Help
At BOOST, we understand just how difficult it can be to run a small to midsized government contracting business. That’s why we’re here to help you with your back-office needs, so you can focus on winning those bids.
Whether you need help with accounting and finance, contracts, HR solutions, talent acquisition or strategic pricing assistance that will take your business to the next level, BOOST is here to help. Contact us today to learn how we can help.