Today’s security landscape is in a troubling state. Tens of thousands of incidents have been reported by federal agencies, including the White House, Department of State and Nuclear Regulatory Agency. According to the April Government Accountability Office (GAO) report, Information Security: Agencies Need to Improve Cyber Incident Response Practices, the number of cyber incidents in 2014 increased dramatically to more than 46,000 incidents. Since 2009, the reported number of cyber intrusions at federal agencies has risen 144 percent. This is especially alarming given the sensitivity of the information federal agencies manage.
With so much attention being given to security breaches in the last several years, the federal government has had to take firmer actions, including introducing the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework, developing and progressing on cross-agency priorities (CAP) for cybersecurity and establishing the Department of Homeland Security’s (DHS) Continuous Diagnostics and Mitigation (CDM) contract as a way to redefine government’s approach to cybersecurity. We can use these efforts as a benchmark for measuring change and progress.
Agencies have made admirable strides in improving their security posture and protecting themselves from cyber threats, spending more than $10 billion in the last fiscal year on IT security, according to a Federal Information Security Management Act (FISMA) report. In addition, $3.6 billion was spent stemming malicious activity and $2.7 billion was put toward intrusion detection and mitigation.
While government is investing in security, efforts like the NIST Framework and DHS’s CDM contract are simultaneously redefining how agencies think of cybersecurity, creating the ingredients for a more effective, proactive security posture.
Read the complete report in the April/May issue of Homeland Security Today.
Paul Christman is vice president, federal programs, at Dell Software.