SecurityWeek

GAO: Federal Cybersecurity Problems Remain

According to a recent report from the Government Accountability Office, despite efforts to implement stronger cybersecurity controls, several federal agencies remain in a weakened state. Since 2006, security incident reports have risen by over 650 percent.

“Federal agencies have reported increasing numbers of security incidents that placed sensitive information at risk. When incidents occur, agencies are to notify the federal information security incident center—US-CERT. Over the past 5 years, the number of incidents reported by federal agencies to US-CERT has increased from 5,503 incidents in fiscal year 2006 to 41,776 incidents in fiscal year 2010, an increase of over 650 percent,” the GAO notes.

The watchdog further notes that the reason for the year-to-year increase is that agencies have not fully implemented their information security programs. In 2002, the FISMA Act established information security program, evaluation, and annual reporting requirements for federal agencies. So it isn’t as if they are unaware of their responsibilities.

“An underlying reason for these weaknesses is that agencies have not fully implemented their information security programs. As a result, they have limited assurance that controls are in place and operating as intended to protect their information resources, thereby leaving them vulnerable to attack or compromise,” the report explains.

“Until hundreds of recommendations are implemented and program weaknesses are corrected, agencies will continue to face challenges in securing their information and information systems. GAO is recommending that the Director of OMB provide performance targets for metrics included in OMB’s annual FISMA reporting instructions to agencies and inspectors general.”

When examining the top reasons for poor performance, the GAO cited agencies not always ensuring that personnel with significant responsibilities received training; a failure to ensure security controls were monitored continuously; a failure to ensure weaknesses were remediated effectively; and a lack of oversight to ensure discovered incidents were resolved in a timely manner.

Another finding, aimed at the OMB, is that while federal agencies have been given new cybersecurity metrics, a lack of planning to provide performance targets to measure improvement contributed to the jump in reported incidents.

The full report from the GAO is available here.
