A new report mandated by last year’s executive order on cybersecurity indicates that many federal agencies don’t know how hackers are targeting them, can’t tell when hackers steal large amounts of their data, and aren’t efficiently spending the cybersecurity money they have. It rates roughly three-quarters of federal agencies’ cybersecurity programs “at risk” or “at high risk.”
The EO stated that top agency leaders would be held responsible for preventable cyber incidents, but most agencies “did not, or could not, elaborate in detail on leadership engagement above the [chief information officer] level.”
Only 27 percent of agencies can detect and investigate attempts to access large amounts of their data and only 40 percent of agencies can detect when a user copies or removes massive encrypted data caches, the report found. In 38 percent of cases, agencies couldn’t identify even the attack method of a breach that had already occurred.