Most Agencies 'At Risk' or 'High Risk' of Cyberattacks

According to a newly released report released by the Office of Personnel Management, a risk assessment of federal agencies cyber-preparedness – undertaken following massive data breaches at OPM three years ago – most federal agencies remain either “at risk” or “high risk” of future cyberattacks.

Both “OMB and DHS determined that 71 of 96 agencies” – or 74 percent of agencies – “participating in the risk assessment process have cybersecurity programs” that are either at risk or high risk” and “also found that federal agencies are not equipped to determine how threat actors seek to gain access to their information.”

In the Risk Report, OMB and DHS identified “four core actions that are necessary to address” the risks laid out in the report:

  1. Increase cybersecurity threat awareness among Federal agencies by implementing the Cyber Threat Framework to prioritize efforts and manage cybersecurity risks
  1. Standardize IT and cybersecurity capabilities to control costs and improve asset management
  1. Consolidate agency SOCs to improve incident detection and response capabilities
  1. Drive accountability across agencies through improved governance processes, recurring risk assessments, and OMB’s engagements with agency leadership.

The release of the report corresponds with a new executive order from the White House: Executive Order 13800 – Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The order states that agency heads “will be held accountable by the President for implementing risk management measures commensurate with the risk and magnitude of the harm that would result from unauthorized access, use, disclosure, disruption, modification, or destruction of IT and data.”

The order also calls on agency heads to “use The Framework for Improving Critical Infrastructure Cybersecurity (the Framework) developed by the National Institute of Standards and Technology, or any successor document, to manage the agency’s cybersecurity risk” and states that they “shall provide a risk management report to the Secretary of Homeland Security and the Director of the Office of Management and Budget (OMB) within 90 days of the date of this order.

Relatedly, this week, the U.S. General Services Administration (GSA) issued a request for information “on its acquisition vehicle developed specifically for agencies to buy modern cybersecurity services,” according to Billy Mitchell at FedScoop.

Posted in Featured News


This Week on FEDtalk

Two Opportunities for You

Tune in to the next episode of FEDtalk on Friday, November 30th, 2018, to hear the latest from Shane Canfield, CEO of WAEPA, who will be discussing the company’s new offerings, and what federal employees should be thinking about, with Open Season in full swing. Also on the program will be Senior Executives Association President Bill Valdez discussing the upcoming 2018 Presidential Rank Awards Leadership Summit, to be held on December 13, 2018.

Read more ...

Hear it from FLEOA

An Update on the OPM Cyber Breach

In the wake of the most recent data breach of Equifax, FLEOA has provided an update on the June 2015 Office of Personnel Management (OPM) data breach to include claims, lawsuits and legislation.

Read more ...

The free weekly e-report for Federal Law Enforcement

Get in touch with us

Email FEDagent publisher

Copyright 2018
Hosted by Peak Media Company, LLC