"We tested five of the 11 state IT security standards at five selected agencies, and found close to 350 instances – out of 1,035 security standard components tested – in which these agencies are not in full compliance," said an audit released on Monday from the Washington State Auditor's Office.
New performance audit out: Is the state's IT security posture strong enough to prevent hacking and other attacks? http://t.co/rQNfsrdfLu
— WA State Auditor (@WaStateAuditor) December 15, 2014
The report deemed three areas most concerning, and auditors ran a number of application security tests to find out whether the agencies' applications were vulnerable to an attack. Application security, data security and operations management had the most instances of noncompliance with the state's IT standards, which the document said "closely align with leading practices" but which in practice are not being met in a large number of cases.
Examples of noncompliance included a lack of documentation for application changes, inadequate use of encryption and failure to send backup data to an offsite location.