WASHINGTON (7/10/15)--A U.S. Government Accountability Office (GAO) report released this week identifies a number of challenges faced by federal agencies when it comes to addressing cybersecurity threats.
The report came just before reports surfaced Thursday that the data breach at the Office of Personnel Management exposed personal information of 21.5 million people.
Information security incidents reported by federal agencies have risen to 67,168 in fiscal year 2014 from 5,503 in fiscal year 2006.
The National Institute of Standards and Technology has identified a number of events that may constitute a cyberattack, including: using public information to scan network parameters; creating a tool to deliberately attack a network; using common platforms (such as email) to install malware; attempting to disrupt information; and maintaining a presence within a specific system or network.
According to the GAO, 19 of 24 federal agencies have declared cybersecurity is a “significant weakness” or “material weakness” for financial reporting purposes. Enhancing information technology oversight, improving incident responses, responding to breaches of personal information and implementing security programs at smaller agencies were also listed as challenges.
There are currently a number of government-wide initiatives under way to increase cybersecurity capabilities, including:
“While these initiatives are intended to improve security, no single technology or tool is sufficient to protect against all cyber threats,” the report reads. “Rather, agencies need to employ a multi-layered approach to security that includes well-trained personnel, effective and consistently applied processes, and appropriate technologies.”