U.S. Government Was Hacked 77,000 Times Last Year
The federal government experienced 77,183 cyber incidents last year, according to a recent report by the Office of Management and Budget. Those incidents, more than 200 a day, covered everything from denial-of-service attacks against government websites to the theft of over 20 million personnel files.
The massive amount of cyber incidents represents a 10 percent increase from previous years, though federal agencies are getting better at preventing cyber attacks, according to the report.
Non-Stop Cyber Incidents
The report comes as part of the OMB's annual information security report to Congress and provides some valuable insight into the government's cybersecurity efforts -- and the never-ending onslaught of cyber attacks federal agencies are facing.
The report defines cyber incidents as "a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices." That's a broad definition, encompassing everything from malware, to data theft, to unauthorized access and port scans.
And cyber threats varied greatly between government agencies. There were 837 cybersecurity incidents involving malware in the Department of Agriculture, by far the USDA's most common incident. Policy violations were the Department of Defense's most commonly reported incident, occurring 1,627 times, while "suspicious network activity" was all over the EPA.
Some Improvements in Federal Cybersecurity
Few of those cybersecurity incidents were deemed significant, but those that were ended up being very significant. Last year saw some of the most high-profile government hacks ever, including the hacking of State Department emails and the Office of Personnel Management's data breach, which resulted in the theft of personal information on over 20 million people.
The OMB report, though, seems to indicate that things might finally be getting better. First, much of the 10 percent increase in incidents can be attributed to better cybersecurity identification. The OMB's month-long "cybersecurity sprint" last summer is also credited with strengthening cybersecurity measures throughout the federal agencies.
Last October, the OMB set forth its new plan to modernize federal cybersecurity. Its main objectives included:
- Prioritizing identification and protection of valuable information
- Quick detection and response to cyber incidents
- Improved recovery times after incidents occur
- Creating a highly qualified federal cybersecurity workforce
- Broad implementation of existing and emerging cybersecurity technology
But there are still some major gaps. The EPA, for example, had no filtering of potentially malicious web content, while the Department of Defense reported no capability to quarantine or black malicious email.
- Number of Cyber 'Incidents' Up at Federal Agencies: Report (Wall Street Journal)
- The 6 Most Newsworthy Data Breaches of 2015 (FindLaw's Technologist)
- Legal Industry Gets a Forum for Cybersecurity Info Sharing (FindLaw's Technologist)
- Federal Laws Lag Behind Tech Privacy Breaches (FindLaw's Technologist)
You Don’t Have To Solve This on Your Own – Get a Lawyer’s Help
Meeting with a lawyer can help you understand your options and how to best protect your rights. Visit our attorney directory to find a lawyer near you who can help.