Dive Brief:
- In a recently released survey from the Government Accountability Office, 18 out of 24 federal agencies surveyed identified international cyberattacks as the most serious and most frequent threat to the security of their systems.
- The survey found that four agencies in particular -- NASA, the Nuclear Regulatory Commission, Office of Personnel Management and the Department of Veteran Affairs -- had not effectively put in place access controls, leading to increased risks.
- GAO recommended that the Office of Management and Budget move forward with plans to better secure federal systems and that the most vulnerable government agencies fully implement key elements of their information security programs.
Dive Insight:
The GAO watchdog report isn't the first instance of scrutiny over weakness in federal agency information security systems. SecurityScorecard's report from April highlighted how federal agencies maintain especially poor scores for their network security, malware, and flaws in software patching. GAO's survey only serves to confirm that analysis.
Specifically, the GAO survey looked at five key concepts in security systems including authenticating users, limiting users access to certain information, auditing and monitoring of the systems, protecting sensitive data, and setting up a digital perimeter around the network. Every one of the systems the GAO looked into had flaws in at least three out of five of these areas, reports The Hill.
The 18 agencies that reported security flaws said that the identified phishing attacks as the most serious and most frequent attack against systems. In 2014, 11 of the 18 agencies reported 2,267 incidents affecting their high-impact systems, with 500 of those involving malicious code.
In response to the situation, the GAO will be creating separate reports with limited distribution to send out specific recommendations to each of the four agencies, in order decrease potential risks from weaknesses in access controls, patch management, and contingency planning.