DHS also fixed 99% of all known critical vulnerabilities

Mar 26, 2016 01:19 GMT  ·  By

The Office of Management and Budget (OMB) has published its annual cybersecurity report for Congress, as required by the Federal Information Security Modernization Act of 2014.

The 95-page report covers cybersecurity incidents for the period from October 1, 2014, through September 30, 2015, and also includes an update on the government's plans and expenses regarding its IT systems.

Cybersecurity incidents grew 10% in 2015

According to OMB officials, despite recent investments in government cybersecurity and IT systems, government agencies reported 77,183 cybersecurity incidents in 2015, up 10% from the 69,851 incidents reported in 2014.

These incidents were reported by government agencies to the United States Computer Emergency Readiness Team (US-CERT). Sixteen percent of these were caused by "non-cyber" reasons, such as employees losing data storage devices that contained personally identifiable information.

Fourteen percent of these incidents were mere policy violations, and the report also listed cybersecurity incident causes such as equipment malfunctions, malware infections, social engineering, suspicious network activity, improper usage, unauthorized access, and denial of service (DoS).

US government held a cybersecurity sprint

The report also provides details on a Cybersecurity Sprint that the Federal Chief Information Officer launched in June 2015. As a result of this month-long security audit, government officials are bragging that the share of federal civilian agencies using what the government considers "strong authentication for all users" rose from 42% to 72%.

More exactly, this number refers to the use of Strong Authentication Personal Identity Verification (PIV) cards among federal agencies. The same report also mentions that, by November 16, 2015, PIV usage grew 9% and reached a total of 81%.

The OMB also says that it worked with the DHS to reduce the total number of critical vulnerabilities in its systems, from 363 to only 3, a 99% reduction.

This was done with the help of the DHS National Cybersecurity and Communications Integration Center (NCCIC), which regularly scanned Internet-accessible government systems and published a weekly Cyber Hygiene Report with all the issues it discovered.

Because of this growing trend, the OMB is planning to invest $19 billion during the next fiscal year to bolster its cybersecurity defenses and also upgrade its IT systems to secure federal networks and its workers.

PIV usage among federal agencies