The President's Council of Advisors on Science and Technology (PCAST) released a report on the state of the nation's cybersecurity today. The report's first finding: the US government is terrible at cybersecurity.

"The Federal Government rarely follows accepted best practices," the report stated. In order to ensure that the country as a whole is more secure against cyber attack, the council advised, the government "needs to lead by example and accelerate its efforts to make routine cyber attacks more difficult by implementing best practices for its own systems."

Much of PCAST's list of recommendations for taking that leadership role read like the advice that many IT people give their parents. Among the top items on the list of cyber-fails that need to be corrected is the government's continued use of Windows XP and outdated, insecure browsers.

As Ars has reported previously, Windows XP is still deployed across much of the government. PCAST recommended that the administration move to phase out XP and other "unsupported and unsecure" operating systems within two years and upgrade to current versions of Windows, Linux, and MacOS. The council also recommended adoption across government offices of the latest and most secure versions of browsers and of the Trusted Platform Module for handling encryption at rest on computers, phones, and tablets. It advised a move toward automatically updating software, as well.

The council also suggested ways in which to encourage better security in the private sector, including: