A report published by SecurityScorecard earlier this April shed light on exactly how many vulnerabilities plague U.S. government organizations. The data revealed that, out of all of the industries examined, ranging from health care to hospitality, the government ranked last in terms of cybersecurity.
For the report, SecurityScorecard analyzed 600 local, state and federal government organizations. It ranked their performances on an A through F scale (F being the worst), and each grade was based on relative security health and current security measures.
The bottom performers were the U.S. Department of State, NASA and the information technology systems of Connecticut, Pennsylvania and Washington. Most of the low-performing organizations were frequent victims of malware infections and exhibited poor network security.
Researchers also accounted for major government data breaches that occurred between April 2015 and April 2016. The state government websites of Colorado and Georgia topped the list, as did the website of the IRS.
In terms of major websites, including NASA.gov, FBI.gov and IRS.gov, data showed that their security levels remained relatively consistent, but not overly positive. The FBI, for instance, remained within the "B" range over the six-month period (October through March) analyzed by SecurityScorecard. However, it has been hovering around "C" since a data breach in February 2016.
IRS.gov had been near an "A" rating during the same six-month period. However, it fell to a "C" in February following a reported data breach. Researchers say it's been showing improvement as its security has remained effective.
NASA.gov has been the worst of the bunch, with grades fluctuating near the "C" level. Similarly, a data breach earlier this year dropped it into the "D" range.
Despite the many lapses in security, some government organizations are keeping up with the ever-changing demands of cybersecurity. The websites of Clark County, Nev., the Hennepin County Library, and the City of Phoenix all scored close to 100 percent, placing them well within the "A" grade.
Researchers note that the top performers had a few characteristics in common. Primarily, they excelled in the areas of application security, password disclosure and patching.
Founded in 1901, the National Institute of Standards and Technology was created by the government to guide its own security measures, online and offline. The report's researchers recommend looking to NIST for a holistic view of best practices.