Gov’t Information Security Incidents Increased 1,121% in Last Decade

Federal agencies’ information at ‘high risk’

• September 30, 2015 2:10 pm


The majority of federal agencies have not addressed significant weaknesses in cyber security, as security incidents increased by more than 1,000 percent in less than a decade, according to the Government Accountability Office (GAO).

Federal employee and taxpayer information remains at "high risk," according to a new audit. The GAO reviewed the security systems of 24 federal agencies between last December and September 2015.

"Federal agencies’ information and systems remain at a high risk of unauthorized access, use, disclosure, modification, and disruption," the GAO said. "These risks are illustrated by the wide array of cyber threats, an increasing number of cyber incidents and breaches of PII [personally identifiable information] occurring at federal agencies."

The report said the number of security incidents across the federal government has skyrocketed in the past decade. In 2006, there were only 5,503 security incidents. Last year the number rose to 67,168—an increase of 1,121 percent.

The number of incidents that involved personally identifiable information (PII) has also increased, more than doubling from 10,481 in 2009 to 27,624 in 2014.

"These incidents and others like them can pose a serious challenge to economic, national, and personal privacy and security," the GAO said.

Weaknesses with cyber systems have occurred while federal agencies have not addressed "hundreds of recommendations" to improve security from the GAO and inspectors general in recent years.

"[The Office of Management and Budget] OMB and federal agencies have initiated actions intended to enhance information security at federal agencies," the GAO said. "Nevertheless, persistent weaknesses at agencies and breaches of PII demonstrate the need for improved security."

"Until agencies correct longstanding control deficiencies and address the hundreds of recommendations that we and agency inspectors general have made, federal systems will remain at increased and unnecessary risk of attack or compromise," they said.

The audit was released amidst increasing concerns over cyber security after the hack of the Office of Personnel and Management (OPM). The OPM hack, revealed this summer as the biggest cyber attack in U.S. history, compromised the personal information of more than 20 million federal workers.

Other security breaches over the past year include approximately 330,000 taxpayer accounts with the Internal Revenue Service (IRS) that were compromised in June and a hack into the U.S. Postal Service that affected 800,000 employees last September.

The GAO found earlier this year that the IRS had not "installed appropriate security updates on all of its databases and servers" or met over 50 recommendations to improve its information security.

In addition, the Federal Aviation Administration had "significant security control weaknesses" in five air traffic control systems, which are "necessary for ensuring the safe and uninterrupted operation of the national airspace system."

Over the past two years, the majority of the 24 federal agencies reviewed had "weaknesses in each of the five major categories of information system controls," the audit said.

Published under: Cyber Security