Agencies' lack of visibility and timely threat data puts them at risk from the nation's cyber enemies, according to a new report from the Office of Management and Budget.
While the nation's cyber enemies have grown steadily more sophisticated and advanced, federal agency defenses have largely stagnated, leaving nearly three-quarters of agencies with cybersecurity programs that put them at significant risk, according to a new report from the Office of Management and Budget.
Of the 96 federal agencies participating in the assessment, 71 had cybersecurity programs that were either at risk or at high risk. Just 25 agencies were reported to be managing risk using recommended tools and policies.
The report found that only 40 percent of the agencies examined reported the ability to detect when their data is being exfiltrated. Only a quarter can detect attempts to access large volumes of data on their systems, and fewer still actually bother to test those capabilities on an annual basis.
That lack of visibility and timely threat data around the latest tactics and strategies used by malicious cyber attackers has left many IT leaders flying blind. The end result: Of the 30,899 cyber incidents that led to the compromise of information or system functionality in 2016, agencies couldn't identify the method of attack or attack vector for 11,802.
"Simply put, agencies cannot detect when large amounts of information leave their networks, which is particularly alarming in the wake of some of the high-profile incidents across government and industry in recent years," the report stated.
Agencies also lack a standardized set of cybersecurity tools – something the government hopes to address through programs like Continuous Diagnostics and Mitigation. CDM is designed to scan federal networks, quickly identify unauthorized users or programs and kick them off. However, the program has been beset by numerous implementation delays over the years.
Most agencies are still in Phase 1, which focuses on identifying what's on the network; DHS is hoping that a retooled contracting process will help the program better gel with agency needs and priorities.
OMB makes four major recommendations: implement the Cyber Threat Framework to improve situational threat awareness, standardize IT and cybersecurity capabilities across the federal government, create more centralized security operations centers within agencies and instill a greater sense of responsibility and accountability around cybersecurity among both IT and non-IT agency leadership.