US Government Security Incidents Skyrocket

Security incidents at federal agencies within in the United States government have soared 650 percent over the past five years, according to a report from the Government Accountability Office.

In the past five years, the number of reported events has grown from 5,503 in 2006 to 41,776 in 2010, federal auditors wrote in a Government Accountability Office report released on 3 October.

Malware infections

The GAO compiled the report based on information from security-related reports and data from 24 federal agencies and departments that were collected between September 2010 and October 2011.

Nearly 30 percent of incidents involved malware infections, making it the most prevalent cyber-event, the report found. Other common issues included violations of acceptable use policies and intrusions into networks, applications and other data resources.

“Of the 24 major agencies, none had fully or effectively implemented an agency-wide information security programme,” Gregory C. Wilshusen, GAO director for information security issues, wrote in the report.

Agencies are vulnerable to cyber-attack and other security issues because they have failed to implement proper security controls, GAO auditors wrote.

Agencies do not always adequately train system security personnel, regularly monitor safeguards, fix vulnerabilities or resolve incidents in a timely manner when they do occur, according to the report. These problems leave the departments vulnerable to both external and internal threats, Wilshusen said.

“As long as agencies have not fully and effectively implemented their information security programmes, including addressing the hundreds of recommendations that we and inspectors general have made, federal systems will remain at increased risk of attack or compromise,” wrote Wilshusen.

‘Unnecessary’ vulnerability

The audit found that the Internal Revenue Service does not block employees from accessing databases not required for their jobs. As a result, financial and taxpayer information “remain unnecessarily vulnerable” to insider threats.

The fact that any employee has access to the systems means there is an increased risk of “unauthorised disclosure, modification or destruction”, the report said.

Another incident involved a network user who clicked on a malicious link in an email. The employee was told he’d won a new car in a lottery he’d supposedly entered when he answered some questions on a survey about his pets.

The employee discovered later that several credit cards had been opened in his name and large amounts of pet supplies ordered without his knowledge, according to the report.

The GAO periodically updates Congress on how well federal departments are complying with the 2002 Federal Information Security Act. FISMA is supposed to help federal departments and agencies define security policies, conduct security awareness training and implement proper surveillance of computer safeguards.

Under the law, passed in 2002, every agency in the federal government has to have information security programmes and plans for managing risks in place.

This is not the first time in recent months the GAO has called out departments on lax information security. In an August report, the GAO issued an audit report of the Federal Deposit Insurance Corporation that showed the FDIC did not use strong passwords, review user access and failed to encrypt sensitive financial information.

The August GAO report found weaknesses in FDIC controls that are supposed to manage system configurations, deploy patches and segregate certain network activities.

Fahmida Y Rashid eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved.

Share
Published by
Fahmida Y Rashid eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved.

Recent Posts

US Widening AI Lead Over China, Finds Stanford Report

US widening lead over China on AI development, as UK places third in Stanford index…

3 hours ago

Amazon To Pump Another $4bn Into AI Start-Up Anthropic

Amazon to invest a further $4bn into AI start-up Anthropic, doubling its investment as it…

4 hours ago

The Cost of Tech Skills

The demand for tech skills is surging, driving economic growth but revealing challenges. Financial costs,…

4 hours ago

Supreme Court Says Meta Must Face Multibillion-Dollar Fraud Lawsuit

US Supreme Court tosses Meta's appeal over Cambridge Analytica-linked investor lawsuit, meaning case must proceed

4 hours ago

Uber Seeks $10m Stake In Pony AI Via IPO

Uber reportedly seeks $10m stake in Chinese autonomous driving firm Pony AI via US IPO,…

5 hours ago

Apple Developing ‘LLM Siri’ AI For 2026

iPhone maker reportedly developing next-generation AI large language model for Siri for spring 2026 as…

5 hours ago