
US Federal Cybersecurity Review 2014


The US Government has released its annual report to Congress on the Federal Information Management Security Act.

The Federal Cybersecurity in Review report details federal cyber security incidents in the 2014 fiscal year, including actions to mitigate and prevent future incidents, and agency progress in cybersecurity policies and practices.

Nearly 70,000 information security incidents were reported by federal agencies in 2014, up 15% from 2013, the report found.

Cyber security was described as an evolving threat to the US Federal Government. “Fiscal Year 2014, in particular, was a pivotal year for Federal cybersecurity, marked by sophisticated threat activity and vulnerabilities,” stated the report.

Strong user authentication was described as a key challenge for agencies. Only 41% of federal agencies (excluding Department of Defence) were found to have implemented strong authentication for network access in 2014, despite a finding by the Office of E-Government that nearly a third of Federal cyber security incidents are related to or could have been prevented by Strong Authentication implementation.

Findings include:

  • Mobile devices and unencrypted email are primary sources of loss for sensitive data
  • Unpatched vulnerabilities are a major attack vector
  • Nearly a third of Federal cyber security incidents are related to or could have been prevented by Strong Authentication implementation
  • Nearly all federal agencies (95%) were securing their internet traffic using trusted internet connections (TIC)
  • The majority of federal agencies (92%) had implemented Information Security Continuous Monitoring (ISCM)

The Cybersecurity Cross Agency Priority Goal requires agencies to implement Strong Authentication to “ensure that access to Federal systems and resources is limited to users who require it as part of their job function”.

Strong authentication uses multiple factors to authenticate a user: something that the user has (e.g. a unique personal identification card), something that the person knows (e.g. a password), and something that the person is (e.g. an approved user).

Read the full 2014 Federal Cybersecurity in Review.

More about the US Government Cybersecurity Cross Agency Priority Goal.