In August 2021, a damning U.S. Senate report showed that seven out of eight U.S. federal agencies were unable to protect their critical data from intrusion attempts.
The investigation revealed large-scale security flaws in the IS of the State Department and agencies responsible for housing, transport, agriculture, health, education, and social security. Only the Department of Homeland Security proved to be sufficiently robust.
On 3 November 2021, CISA, mandated by President Joe Biden, gave the seven agencies in question six months to fix these hundreds of vulnerabilities—some of which active for more than a decade. According to CISA, this directive applies “to all software and hardware used on agency premises or hosted by third parties on behalf of an agency.”