Agencies struggle to document responses to cybersecurity incidents

How good is your agency's incident response?

As in any job, in cybersecurity it’s the paperwork that gets you. In a recent study, the Government Accountability Office found that agencies are doing an incomplete job in documenting their response to security incidents.

The GAO studied a sample of 40 incidents in fiscal 2012 at six agencies to get a statistical picture of overall practices at 24 major executive branch agencies. In about 65 percent of the cases, it found that incident response activities were not fully documented.

Most agencies identified the scope of the incident, but often did not demonstrate that they knew the impact of it. Other responses, such as actions to prevent recurrence of an incident, often were not shown. Each of the agencies studied had some type of an incident response plan, but none was comprehensive.

The Office of Management and Budget and the Department of Homeland Security oversee agencies’ cybersecurity activities, but neither had addressed incident response practices in their CyberStat reviews.

These shortfalls come at a time of increasing rates of cyber incidents at agencies, from 34,840 in fiscal 2012 to 46,160 in fiscal 2013.

The study does not necessarily mean that agencies are not doing a good job in their cybersecurity and incident response, but without a plan for documenting it, it is difficult to say how good a job is being done.

About the Author

William Jackson is a Maryland-based freelance writer.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected