In the 10 years ending with fiscal year 2015, the number of federal cyber incidents has increased by more than 1300% according to a Government Accountability Office (GAO) report.
According to GAO’s director of information security issues, Gregory C. Wilshusen, GAO has made approximately 2,500 recommendations to federal agencies to improve information security controls. “These recommendations identify actions for agencies to take in order to protect their information and the systems it resides on. However, many agencies continue to have weaknesses in implementing these controls, in part because many of these recommendations remain unimplemented,” Wilshusen said in the report.
The number of incidents rose from 5,503 to 77,183, making cybersecurity one of the most important security challenges that the United States faces. Jamal Brown, press secretary for the Office of Management and Budget (OMB) admitted that agencies must continue to be vigilant against cyber threats but also stated that federal agencies have made great strides in securing against cyberattacks.
In his report, Wilshusen gave examples of the types of information that could be breached including national security data, taxpayer data, medical records and Social Security records. He added that these types of data could be used in identity theft crimes and espionage. According to Wilshusen, the threats come from a wide array of sources.
In 2014 22 million Federal employees had their personal information hacked, including Social Security numbers, making it the largest recorded cybertheft. The OMB linked the increase of cyber incidents to the expansion of agencies and information security events.
Though GAO reported that up to 40 percent of its recommendations have yet to be implemented, Wilshusen said the agencies have been doing a good job over time. Wilshusen recommended an expanded federal cyber workforce and additional training. He added that the dilemma has been one that the federal government has faced for a long time and that it must be addressed.