News Ticker

Cybersecurity breaches highlight the need for strong controls

Security incidents involving personally identifiable information double since 2009

disk and padlock

Recent cybersecurity breaches highlight the need for strong controls across federal agencies, advises the US Government Accountability Office.

A recent report by the US Government Accountability Office has identified a number of challenges federal agencies are facing in addressing cybersecurity threats.

The report comes following a number of reported cybersecurity incidents involving personally identifiable information, and suggests that federal systems and information will be at an increased risk of compromise from cyberbased attacks until the challenges are addressed.

Challenges highlighted in the report include:

  • Designing and implementing a risk-based cybersecurity programs
  • Enhancing oversight of contractors providing IT services
  • Improving security incident response activities
  • Responding to breaches of personal information
  • Implementing cybersecurity programs at small agencies

“The federal government faces an array of cyberbased threats to its systems and data, as illustrated by the recently reported data breaches at the Office of Personnel Management (OPM), which affected millions of current and former federal employees”, stated Gregory C. Wilshusen, Director, Information Security Issues, in a hearing on the Department of Homeland Security’s efforts to secure federal information systems.

“Such incidents underscore the urgent need for effective implementation of information security controls at federal agencies”, Mr Wilshusen added.

The report recommends that agencies “employ a multi-layered, “defense in depth” approach to security that includes well-trained personnel, effective and consistently applied processes, and appropriate technologies”, recognising that no single technology or tool is sufficient to protect against all cyber threats.

“Given the risks posed by cyber threats and the increasing number of incidents, it is crucial that federal agencies take appropriate steps to secure their systems and information”, states the report states.

The number of security incidents involving personally identifiable information at US federal agencies has more than doubled from 10,481 incidents in 2009 fiscal year to 27,624 incidents in 2014 fiscal year, according to the report.

Recent incidents include:

  • a breach at the Office of Personnel Management affects the personnel records of around 4 million current and former federal employees in June 2014
  • unauthorized third parties gained unlawful access Internal Revenue Services information on approximately 100,000 tax accounts, including social security information, dates of birth, and street addresses in 2014
  • an intrusion at the United States Postal Service’s information systems compromises the personal information of more than 800,000 employees in 2014

Read the full report – CyberSecurity: Recent Data Breaches Illustrate Need for Strong Controls across Federal Agencies.