It's a truism by now that the federal government struggles with cybersecurity, but a recent report[1] by the White House's Office of Management and Budget reinforces the dire need for change across dozens of agencies. Of the 96 federal agencies it assessed, it deemed 74 percent either "At Risk" or "High Risk," meaning that they need crucial and immediate improvements.
While the OMB findings shouldn't come as a complete shock, given previous bleak assessments—not to mention devastating government data breaches[2]—the stats are jarring nonetheless. Not only are so many agencies vulnerable, but over half lack even the ability to determine what software runs on their systems. And only one in four agencies could confirm that they have the capability to detect and investigate signs of a data breach, meaning that the vast majority are essentially flying blind. "Federal agencies do not have the visibility into their networks to effectively detect data exfiltration attempts and respond to cybersecurity incidents," the report states bluntly.
Perhaps most troubling of all: In 38 percent of government cybersecurity incidents, the relevant agency never identifies the "attack vector," meaning it never learns how a hacker perpetrated an attack. "That’s definitely problematic," says Chris Wysopal, CTO of the software auditing firm Veracode. "The whole key of incident response is understanding what happened. If you can’t plug the hole the attacker is just going to come back in again."
Producing the "Risk Determination Report and Action Plan" was a requirement of the Trump administration's May cybersecurity Executive Order[3], and while passing the EO was a positive step in terms of prioritizing digital defense, progress overall has been mixed. The report also comes at a time when the White House has been sending conflicting messages about its focus