Federal agencies are at high information security risk

Governments all over the world urge private companies to take security measures to protect the personal data of their citizens. For example, the recently adopted EU General Data Protection Regulation (GDPR) obliges organizations collecting personal data from EU residents to adopt information security measures protecting the collected information. However, governments need to be active not only in forcing private parties to protect their computer systems but also in making sure that their own information infrastructure does not have serious flaws.

A report called “Federal Cybersecurity Risk Determination Report and Action Plan” published by the U.S. government in May 2018 reveals that 71 of 96 federal agencies are either at risk or high risk. The report defines the term “high risk” as “Key, fundamental cybersecurity policies, processes, and tools are either not in place or not deployed sufficiently,” and the term “at risk” as “Some essential policies, processes, and tools are in place to mitigate overall cybersecurity risk, but significant gaps remain.”

AWS Builder Community Hub

The report presents four important findings, namely, the limited situational awareness of the agencies (Section 2), the agencies’ lack of standardized IT capabilities (Section 3), the agencies’ limited network visibility (Section 4), and the agencies’ lack of accountability for managing risks (Section 5). At the end of this article, we provide concluding remarks (Section 6).

One of the major findings of the report is that the agencies cannot identify the methods and vectors of cyber-attacks. Out of 30,899 cyber incidents that led to security breaches, the methods and the vectors of the attacks were not identified in 11,802 cases. Even in cases when they were identified, the agencies did not have processes in place to communicate the data about the attacks to other agencies. According to the report, only 59% of agencies reported having such processes.

The (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Daniel Dimov. Read the original post at: