Malware & Threats

GAO: Federal Cybersecurity Problems Remain

According to a recent report from the Government Accountability Office, despite efforts to implement stronger cybersecurity controls, several federal agencies remain in a weakened state. Since 2006, security incident reports have risen by over 650 percent.

“Federal agencies have reported increasing numbers of security incidents that placed sensitive information at risk. When incidents occur, agencies are to notify the federal information security incident center—US-CERT. Over the past 5 years, the number of incidents reported by federal agencies to US-CERT has increased from 5,503 incidents in fiscal year 2006 to 41,776 incidents in fiscal year 2010, an increase of over 650 percent,” the GAO notes.

The watchdog further notes that the reason for the year-to-year increase is that agencies have not fully implemented their information security programs. In 2002, the FISMA Act established information security program, evaluation, and annual reporting requirements for federal agencies. So it isn’t as if they are unaware of their responsibilities.

“An underlying reason for these weaknesses is that agencies have not fully implemented their information security programs. As a result, they have limited assurance that controls are in place and operating as intended to protect their information resources, thereby leaving them vulnerable to attack or compromise,” the report explains.

“Until hundreds of recommendations are implemented and program weaknesses are corrected, agencies will continue to face challenges in securing their information and information systems. GAO is recommending that the Director of OMB provide performance targets for metrics included in OMB’s annual FISMA reporting instructions to agencies and inspectors general.”

When examining the top reasons for poor performance, the GAO said that agencies did not always ensure personnel with significant responsibilities received training. It also cited a failure to ensure security controls were monitored continuously, a failure to ensure weaknesses were remediated effectively, and a lack of oversight to ensure discovered incidents were resolved in a timely manner.

Another finding, aimed at the OMB, is that while new cybersecurity metrics have been given to federal agencies, a lack of planning to provide performance targets to measure improvement contributed to the jump in reported incidents.

The full report from the GAO is available here.
