Office of Management and Budget: Three-Quarters of Federal Agencies Do Not Have Secure Cybersecurity Systems

A new report from the Office of Management and Budget (OMB) states that 74 percent of federal agencies have cybersecurity programs at risk of being compromised by external players. The Federal Cybersecurity Risk Determination Report and Action Plan was drafted in response to President Trump’s cybersecurity executive order that he issued last May.

The report examined the cybersecurity programs of 96 agencies with a checklist of 76 metrics, and found that those agencies, only 25 were sufficiently protecting themselves against dangerous attacks. 59 agencies were deemed at risk of attack, and 12 are at high risk. The report also found that many agencies do not possess an understanding of how external players can gain access to their systems, hindering their abilities to bolster their current systems. The report notes that 38 percent of cyber-attacks that affected federal systems “did not have an identified attack vector.”

Looking forward, the report lays out four “core actions” federal agencies should take to bolster and safeguard their cybersecurity systems from future attacks:

• Increase cybersecurity threat awareness among Federal agencies by implementing the Cyber Threat Framework to prioritize efforts and manage cybersecurity risks
• Standardize IT and cybersecurity capabilities to control costs and improve asset management
• Consolidate agency SOCs to improve incident detection and response capabilities
• Drive accountability across agencies through improved governance processes, recurring risk assessments, and OMB’s engagements with agency leadership

To view the full report, click here: https://www.whitehouse.gov/wp-content/uploads/2018/05/Cybersecurity-Risk-Determination-Report-FINAL_May-2018-Release.pdf