Report: Number of cyber ‘incidents’ up at federal agencies

CAC-reader-access-card

(Cyberwar.news) Even as officials were scrambling to tamp down IT vulnerabilities following a series of high-profile data breaches, the number of cybersecurity ‘incidents’ among federal agencies climbed last year, a new White House report noted.

As reported by The Wall Street Journal, over the fiscal year ending Sept. 30, 2015, federal agencies reported 77,183 incidents, up from 69,851 the previous year and 60,753 in FY 2013, the Office of Management and Budget reported last week.

Incidents ranged from unauthorized access, port scans – which are a series of messages that are sent to a computer port by hackers in an attempt to find a network vulnerability – and probes of networks to malware, unconfirmed third-party notifications and other suspicious activities.

The Journal reported further:

At least part of the uptick reflects improvements by agencies in detecting cyber attacks, according to the OMB, which is responsible for federal agencies’ IT security policies and practices. Overall, agencies had an average score of 89% in their ability to detect and block unauthorized software from accessing their systems, and 72% in detecting unauthorized hardware and devices, the report said.

Four federal agencies managed a perfect score of 100 percent in detecting outside hack attempts and other unauthorized probes, according to an assessment of detection capabilities by the Department of Homeland Security. One of the most besieged agencies was the Office of Personnel Management, which reported in July that two massive data breaches the year before compromised information on more than 21 million current and former federal employees and their families. That led to the resignation of the agency’s director and chief information officer.

The White House report said “continuously confronting cyber threats must remain a strategic priority.”

In February President Obama introduced his Cybersecurity National Action Plan, calling for stronger authentication controls like the use of personal identity verification cards or two-factor authorization in order to access any federally controlled system.

OMB said that it worked throughout 2015, in conjunction with DHS, in conducting cybersecurity reviews at 14 federal agencies with the goal of accelerating efforts to meet a set of government-wide security objectives. The White House report says that the efforts led to a 30 percent increase in the number of federal agencies utilizing personal identity verification cards to guard access to IT networks. By November, 83 percent of all federal agencies were using them, the report notes.

Yet despite such measures, “malicious actors continue to gain unauthorized access to, and compromise, federal networks, information systems and data,” the report added.

See also:

The Wall Street Journal

Cyberwar.news is part of the USA Features Media network.