According to a new report by the Government Accountability Office (GAO), the federal government needs stronger controls across federal agencies.
According to a report submitted as testimony by Greg Wilshusen, director of information security issues at GAO, in a recent congressional hearing, cybersecurity incidents that involved the federal government have increased more than 1,000 percent since 2006.
The document reports that in fiscal year 2014, federal agencies suffered 67,168 cyber security incidents that exposed personally identifiable information (PII), whereas the number of incidents in 2006 was just 5,503 (+1,121%).
The recent Office of Personnel Management breaches are the largest ever to affect the federal government, and they raised the alarm about the level of security at other government agencies.
Given the increasing number of incidents, it is crucial that federal agencies take appropriate countermeasures to mitigate the risks and protect federal systems.
“Agencies continue to have shortcomings in assessing risks, developing and implementing security controls, and monitoring results. Specifically, for fiscal year 2014, 19 of the 24 federal agencies covered by the Chief Financial Officers (CFO) Act reported that information security control deficiencies were either a material weakness or a significant deficiency in internal controls over their financial reporting,” states the GAO report.
DHS and the Office of Management and Budget (OMB) have several initiatives to improve the cybersecurity of federal government agencies.
The report highlights three initiatives to improve the cyber security of federal agencies:
- Personal identification verification (PIV) technology. NIST defined requirements for identity verification based on “smart cards.”
- Continuous diagnostics and mitigation controls, a program to provide capabilities and tools that allow the federal government to promptly identify cybersecurity risks, prioritize them and adopt countermeasures to mitigate them.
- National Cybersecurity Protection System at the Department of Homeland Security (Einstein). Einstein is a suite of capabilities intended to detect and prevent malicious network traffic from entering and exiting federal civilian government networks.
US government experts are aware of the risks related to cyber attacks and consider it essential to adopt a ‘defense in depth’ approach that will improve security posture, mitigate risks, and allow early detection of ongoing attacks.