Most Agencies 'At Risk' or 'High Risk' of Cyberattacks

According to a newly released report released by the Office of Personnel Management, a risk assessment of federal agencies cyber-preparedness – undertaken following massive data breaches at OPM three years ago – most federal agencies remain either “at risk” or “high risk” of future cyberattacks.

Both “OMB and DHS determined that 71 of 96 agencies” – or 74 percent of agencies – “participating in the risk assessment process have cybersecurity programs” that are either at risk or high risk” and “also found that federal agencies are not equipped to determine how threat actors seek to gain access to their information.”

In the Risk Report, OMB and DHS identified “four core actions that are necessary to address” the risks laid out in the report:

  1. Increase cybersecurity threat awareness among Federal agencies by implementing the Cyber Threat Framework to prioritize efforts and manage cybersecurity risks
  1. Standardize IT and cybersecurity capabilities to control costs and improve asset management
  1. Consolidate agency SOCs to improve incident detection and response capabilities
  1. Drive accountability across agencies through improved governance processes, recurring risk assessments, and OMB’s engagements with agency leadership.

The release of the report corresponds with a new executive order from the White House: Executive Order 13800 – Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The order states that agency heads “will be held accountable by the President for implementing risk management measures commensurate with the risk and magnitude of the harm that would result from unauthorized access, use, disclosure, disruption, modification, or destruction of IT and data.”

The order also calls on agency heads to “use The Framework for Improving Critical Infrastructure Cybersecurity (the Framework) developed by the National Institute of Standards and Technology, or any successor document, to manage the agency’s cybersecurity risk” and states that they “shall provide a risk management report to the Secretary of Homeland Security and the Director of the Office of Management and Budget (OMB) within 90 days of the date of this order.

Relatedly, this week, the U.S. General Services Administration (GSA) issued a request for information “on its acquisition vehicle developed specifically for agencies to buy modern cybersecurity services,” according to Billy Mitchell at FedScoop.

Posted in Featured News


This Week on FEDtalk

Navigating Plans for Summer with the National Park Service

Do you know what you are doing this summer? To find out what our National Parks have to offer, tune in to FEDtalk this Friday and start planning your trip!

Read more ...

Hear it from FLEOA

FLEOA Highlights Important Policy, People During Police Week

The Federal Law Enforcement Officers Association (FLEOA) is continually committed to serving our members and the federal law enforcement community. This Police Week, FLEOA has dedicated special time and attention to pushing policy that helps the law enforcement community protect and serve their community. From events highlighting the importance of police to meetings on the Hill, FLEOA is excited to engage the public and policy makers on law enforcement issues during this time of heightened awareness.

Read more ...

The free weekly e-report for Federal Law Enforcement

Get in touch with us

Email FEDagent publisher

Copyright 2019
Hosted by Peak Media Company, LLC