Govt. Security Incidents Balloon

Wednesday, July 15, 2015 @ 09:07 AM gHale

It is difficult to say over 21 million records breached is just the tip of the iceberg because that would be a massive iceberg, but, rather, the attack on the Office of Personnel Management (OPM) should highlight the fact the government’s security is behind the times across the board.

Obviously, OPM has not been the only government department being the victim of an onslaught by attackers. Since 2006, the number of “information security incidents” affecting federal systems each year has steadily increased, according to a report by the Government Accountability Office (GAO).

Can Manufacturing Trust Govt.?
Security Schism Front and Center
Cyber Incidents Down; Reporting Declines
Insider Attacks Rise, Unaware of Risk

In 2006, there were fewer than 6,000 reported incidents, but two years later that number had tripled. Last year, there were about 67,000 reported incidents.

“Effective cyber security for federal information systems is essential to preventing the loss of resources, the compromise of sensitive information, and the disruption of government operations,” stated a document accompanying the report.

Although cyber attacks are on the rise, “information security” incidents at agencies don’t refer to computers at all.

One-quarter of all security incidents recorded in 2014 ended up listed as “noncyber,” according to the GAO report. That’s a designation that could describe paper documents improperly stored on employees’ desks, for example. Malicious code accounted for only 11 percent of these incidents, and suspicious network activity was 3 percent.

Security incidents are also not at the hand of an attacker. They can be unintentional and simply result from employee error or equipment failure, according to the report. Last year, 14 percent of security incidents were the result of equipment or improper use categories.

Agencies should launch risk-based cyber security programs and improve their response to security incidents, according to the report.

“Until federal agencies take actions to address these challenges . . . federal systems and information will be at an increased risk of compromise from cyber-based attacks and other threats,” the report stated.

Click here to download the report.