According to a report submitted as testimony by Greg Wilshusen, director of information security issues at GAO, in a recent congressional hearing cybersecurity incidents that involved federal government have increased more than 1,000 percent since 2006.
The document reports that in the fiscal year 2014, federal agencies suffered 67,168 cyber security incidents that exposed personally identifiable information (PII), meanwhile the number of incidents in 2006 was just 5,503 (+ 1,121%).
The recent Office of Personnel Management breaches are the largest ever to affect the federal government, they raised the alarm on the level of security of other government agencies.
Given the increasing number of incidents, it is crucial that federal agencies take appropriate countermeasures to mitigate the risks and protect federal systems.
“Agencies continue to have shortcomings in assessing risks, developing and implementing security controls, and monitoring results. Specifically, for fiscal year 2014, 19 of the 24 federal agencies covered by the Chief Financial Officers (CFO) Act reported that information security control deficiencies were either a material weakness or a significant deficiency in internal controls over their financial reporting.” states the GAO report.
DHS and Office of Management and Budget (OMB) have several initiatives to improve the cybersecurity of federal government agencies.
The report highlights three initiatives to improve the cyber security of federal agencies:
The experts of the US government are aware of the risks related to cyber attacks and consider essential the adoption of a ‘defense in depth’ approach that will allow the improvement of security posture, mitigation of risks and early detection of ongoing attacks.
(Security Affairs – cyber security, Federal government)