Cybersecurity Lags at Federal Agencies.
Despite unprecedented improvements in securing information during fiscal year 2015, federal agencies remain precariously behind, according to the annual cybersecurity compliance report released by the Office of Management and Budget.
The annual report to Congress on agency compliance with the Federal Information Security Modernization Act of 2014 found malicious actors continue to compromise federal networks, information systems and data. It also revealed that 15 of 24 major agencies had no formalized plan for cyberattacks.
The NCUA was not among the 24 major agencies analyzed in the report, but did submit a FISMA report along with 59 other smaller agencies. Those results were only reported in aggregate. Download and read the entire report here. While the report recognized the unprecedented progress in FY2015 to strengthen federal cybersecurity, it said additional work remains to improve the defense of federal systems, networks and data from persistent threats and increasingly sophisticated malicious activity.
"To address this challenge, the federal government must take action to combat increasingly sophisticated and persistent threats posed by malicious actors," the report read.
Additionally, independent evaluations of information security programs and practices conducted by agency inspectors general identified several performance areas in need of improvement, including configuration management, identity and access management and risk management practices.
Senior Agency Official for Privacy reviews also found that federal agencies must continue to take steps to analyze and address privacy risks and ensure privacy protections are in place throughout systems' lifecycles.
During FY 2015, federal agencies reported 77,183 cybersecurity incidents, a 10% increase over the 69,851 incidents reported in FY 2014. The increasing number and impact of these incidents demonstrate that continuously confronting cyberthreats must remain a strategic priority.
According to the report, agencies scored an average of 72% in ability to detect unauthorized hardware, 74% in anti-phishing defenses and 52% in information security continuous monitoring vulnerability management capabilities.
During FY 2015, OMB Cyber increased its oversight role and agency engagement through the CyberStat Review process. The purpose of the CyberStat Review is to accelerate progress toward achieving FISMA and cross agency priority goals by reviewing the progress of selected agencies, developing actionable plans, providing targeted assistance and following up throughout the year.
The report primarily includes FY 2015 data reported by agencies to OMB and DHS on or before Nov. 16, 2015. Since the cutoff date, the administration announced the Cybersecurity National Action Plan in February, which directed the federal government to take actions to increase cybersecurity. President Barack Obama also proposed the 2017 budget would include $19 billion to improve federal IT security, such as replacing severely outdated systems.
The report contained no mention of the 2015 OPM breach. In June and July of 2015, the OPM discovered two separate but related cybersecurity breach incidents, which exposed the personal data of current and former Federal government employees, contractors and others. The OPM blamed the attack on Chinese hackers.
Last November the fiscal 2015 audit from the OPM's Office of the Inspector General reported the agency is vulnerable to another cyberattack, as it continued to struggle to meet many requirements under FISMA.
"We continue to believe that (the) OPM's management of system authorizations represents a material weakness in the internal control structure of the agency's IT security program," Michael R. Esser, assistant inspector general for audits, said in that report.
|Printer friendly Cite/link Email Feedback|
|Publication:||Credit Union Times|
|Date:||Mar 30, 2016|
|Previous Article:||MTC FCU Employee Fired Over Facebook Racial Slur.|
|Next Article:||Deschambault Wins Special Election for Maine Senate Seat.|