Every two years, the Government Accountability Office issues a report on “high-risk” programs and operations in government that have “vulnerabilities to fraud, waste, abuse, and mismanagement, or that need transformation.”

The new high-risk list for 2021 has two additions, but perhaps more troubling are the five programs and agencies on the list where things have gotten worse, including the U.S. Postal Service and the nation’s cybersecurity systems.

The postal service has long been a candidate for privatization. That it is still on the GAO’s naughty list only reinforces the need to cut it loose from taxpayer support.

One area that recent hacking attacks have shown is in dire need of reform is cybersecurity:

Federal agencies and our nation’s critical infrastructures—such as energy, transportation systems, communications, and financial services—are dependent on IT systems and electronic data to carry out operations and to process, maintain, and report essential information. The security of these systems and data is vital to public confidence and national security, prosperity, and well-being.

Because many of these systems contain vast amounts of personally identifiable information (PII) and other sensitive information, agencies must protect the confidentiality, integrity, and availability of this information. In addition, they must effectively respond to data breaches and security incidents when they occur.

The risks to IT systems supporting the federal government and the nation’s critical infrastructure are increasing, including insider threats from witting or unwitting employees, escalating and emerging threats from around the globe, and the emergence of new and more destructive attacks.

That sounds like something the Biden administration should have included in its infrastructure plan, doesn’t it? But preventing the bad guys – or increasingly, the bad foreign governments – out of our critical online systems and data just isn’t as sexy as a politician’s photo op at a bridge opening.