The US government reported 77, 183 cybersecurity incidents during fiscal year (FY) 2015, a 10 percent increase over reported incidents in FY 2014, according to a White House audit.
“The increasing number and impact of these incidents demonstrate that continuously confronting cyber threats must remain a strategic priority,” the report stated.
The annual performance review from the Office of Management and Budget (OMB), a requirement under the Federal Information Security Modernization Act of 2014 (FISMA), provides Congress information on federal cybersecurity incidents, as well as agency progress towards meeting cybersecurity performance goals, and identifies areas in need of improvement.
Federal agencies have reported an increasing number of cybersecurity incidents, including a few damaging, high-profile cyber attacks. Over the summer, a major data breach at the Office of Personnel Management (OPM) compromised the sensitive information of millions of current and former federal employees. In another case, hackers penetrated the email system used by the Joint Chiefs of Staff at the Pentagon.
In FY 2015, the US government rolled out several initiatives aimed at strengthening federal cybersecurity in the wake of a number of federal security breaches. For example, last year, the White House launched a program dubbed the “30-day Cybersecurity Sprint” designed to improve the protection of federal information and assets, and make it more difficult for hackers to gain access to federal systems.
Following the “30-day Cybersecurity Sprint,” OMB developed the Cybersecurity Strategy and Implementation Plan (CSIP) outlining further actions that need to be taken to address critical cybersecurity priorities across the federal government.
Most recently, in February 2016, the Administration announced the Cybersecurity National Action Plan (CNAP), which is the capstone effort that builds upon lessons learned from cybersecurity trends, threats, and intrusions. To continue to support the CNAP, the President’s FY 2017 Budget proposes investing over $19 billion in resources for cybersecurity.
However, the battle to improve the United States’ cybersecurity posture is not over.
“Despite unprecedented improvements in securing federal information resources during FY 2015, malicious actors continue to gain unauthorized access to, and compromise, Federal networks, information systems, and data,” the report stated.
Independent evaluations revealed the need for improvement in a number of areas, including configuration management, identity and access management, and risk management practices. Federal agencies also need to continue to take steps to analyze and address privacy risks and ensure privacy protections are in place throughout systems’ lifecycles.