Cybersecurity is one of the most pressing issues facing information security professionals and executive decision makers. This is even more the case for federal agencies, which have been tasked with safeguarding the information of 330 million people.
At the same time, there has been a growing number of breaches in Federal Government systems. According to Thales e-Security’s 2018 Data Threat Report, US federal agencies are at more risk than any other sector, with 71% of IT professionals in government citing at least one breach in their agency. And the government knows the risk. IT security spending for federal agencies has accelerated rapidly in recent years and will continue to increase year over year for the coming fiscal year.
One of the major risks of cyber threats in government is how many people might be affected. The largest data breaches in history are often government associated, including the 2009 NARA breach that affected 76 million people and the 2015 voter database breach that potentially affected 191 million (caused by a lack of encryption).
For this reason, agencies are stepping up their efforts and investing heavily in information security measures to protect against threats from bad actors. Here is a look at some of those new threats and the actions being taken.
Lagging Security Processes
The biggest threat to government systems is an old one. Many agencies still operate on a network of legacy systems for routine functions. These legacy systems have been a major focal point, with federal CIO Suzette Kent testifying in a July 25 House hearing that this is one of the most important areas to address. The focus of a recent IT modernization report listed 52 tasks for agencies to complete, with 37 completed to date, and major tasks like detection tool deployment lagging behind schedule.
In addition to the White House’s report, Gene Dodaro, head of the Government Accountability Office (GAO) cited more than 1,000 unresolved recommendations that have yet to be dealt with, many of them directly related to legacy systems and their inherent risk to cybersecurity.
A recent GAO report broke down this large list in four major areas that agencies need to look toward addressing:
- Protecting federal systems and information
- Protecting critical infrastructure
- Protecting privacy and sensitive data
- Establishing a comprehensive government-wide cybersecurity strategy backed by independent and effective oversight from Congress
The breadth of these issues is in part due to the number of functions of different government agencies – some serving citizens directly and others engaged in uptake of critical infrastructure and national defense measures.
Threats Facing the Government’s IT Infrastructure
In 2017, more than 35,000 incidents were reported to the U.S. Computer Emergency Readiness Team by federal agencies. These included everything from routine phishing attacks to web-based attacks, hardware theft, and unauthorized use of systems.
Making it more difficult to address these issues, the government currently has more than 15,000 unfilled IT jobs on the books. With most agencies understaffed in these critical positions, it is difficult to stay ahead of the threats that have been identified, let alone those that remain unclear or emerging.
External threats are very real with a combination of lone-wolf hackers, foreign governments, and hostile powers testing their ability to access federal resources continuously.
Acting to Respond to Evolving Threats
Recent revisions and the implementation of a Cloud Smart approach to software systems tasks agencies with making smart decisions about how to modernize their legacy IT systems. In 2017, more than 5,000 datacenters were shut down as agencies shifted many functions to the cloud and that number is expected to grow to meet previously set goals.
At the same time, cloud service providers are required to meet strict FedRAMP requirements to support federal agency functions, standardizing and modernizing the infrastructure on which so many agencies operate. It is that shift that will prove one of the more impactful solutions to the issues being faced.
Learn more about how EconSys has worked to acquire and maintain FedRAMP compliance for our suite of FedHR Navigator software, or download our eBook: The Importance of FedRamp for Federal HR Software