The Department of Homeland Security's cyber agency has failed to make sufficient updates to protect against a major hack, according to DHS's inspector general.
The news comes more than two years after alleged Russian hackers used SolarWinds and Microsoft software to burrow into U.S. federal agencies and obtained information about counter-intelligence investigations, policy on sanctioning Russian individuals and the country's response to COVID-19.
Since then, DHS's Cybersecurity and Infrastructure Security Agency (CISA) has "improved its ability to detect and mitigate risks from major cyberattacks, but work remains to safeguard Federal networks," the inspector general's (IG) report says.
"CISA's ability to execute its mission depends on its people, processes, and technology. CISA's SolarWinds response efforts were impacted by not having needed resources, staffing, and plans," the IG report says.
"Although CISA's capabilities have improved since the SolarWinds breach, any operational or technological gaps may reduce its ability to detect and mitigate cyber threats. Staffing shortages also affect CISA's future development of cyber capabilities."
The IG said failure to increase resources and staffing, and improve planning will result in CISA being "heavily dependent on old or unfinished systems, a scarce cybersecurity talent pool, and tools that do not provide necessary visibility into persistent cyber threats."
"Further, until CISA's cyber capabilities are fully operational, the Federal Government cannot fully benefit from the cybersecurity protections CISA provides," the report concludes. "As a result, the confidentiality, integrity, and availability of Federal data and networks remain at risk at a time when the United States is facing a growing number of increasingly sophisticated cyber threats."
The IG said CISA still needs to update its "continuity of operations plan" and a separate backup plan for communicating securely in the event of another breach.
CNN reported that, in a written response to the IG, CISA officials said both plans will be updated this year.
The IG also said CISA needs more cyberthreat data from the civilian agencies it helps protect. Until that happens, "CISA may not always be able to effectively detect and mitigate major cyberattacks," the watchdog added.
© 2026 Newsmax. All rights reserved.