
Incidents at Federal Government Agencies increased more than 1,000 percent since 2006


According to a new report by the Government Accountability Office (GAO), the federal government needs stronger controls across federal agencies.

According to a report submitted as testimony in a recent congressional hearing by Greg Wilshusen, director of information security issues at GAO, cybersecurity incidents involving the federal government have increased more than 1,000 percent since 2006.

The document reports that in fiscal year 2014, federal agencies suffered 67,168 cyber security incidents that exposed personally identifiable information (PII), while the number of incidents in 2006 was just 5,503 (+1,121%).

Federal Government security GAO Report

The recent Office of Personnel Management breaches are the largest ever to affect the federal government, and they raised the alarm about the level of security at other government agencies.

Given the increasing number of incidents, it is crucial that federal agencies take appropriate countermeasures to mitigate the risks and protect federal systems.

“Agencies continue to have shortcomings in assessing risks, developing and implementing security controls, and monitoring results. Specifically, for fiscal year 2014, 19 of the 24 federal agencies covered by the Chief Financial Officers (CFO) Act reported that information security control deficiencies were either a material weakness or a significant deficiency in internal controls over their financial reporting,” states the GAO report.

The DHS and the Office of Management and Budget (OMB) have several initiatives to improve the cybersecurity of federal government agencies.

The report highlights three initiatives to improve the cyber security of federal agencies:

  • Personal identification verification (PIV) technology. NIST defined the requirements for identity verification based on “smart cards.”
  • Continuous diagnostics and mitigation controls, a program to provide capabilities and tools that allow the federal government to promptly identify cybersecurity risks, prioritize them and adopt countermeasures to mitigate them.
  • National Cybersecurity Protection System at the Department of Homeland Security (Einstein). Einstein is a suite of capabilities intended to detect and prevent malicious network traffic from entering and exiting federal civilian government networks.

US government experts are aware of the risks related to cyber attacks and consider it essential to adopt a ‘defense in depth’ approach that will improve security posture, mitigate risks and enable early detection of ongoing attacks.

Pierluigi Paganini

(Security Affairs – cyber security, Federal government)