Cybersecurity incidents involving federal agencies declined overall in 2018 but threats continued from both outside and inside, according to OMB’s annual report under the Federal Information Security Management Act.
Of the some 31,100 incidents reported, down about 12 percent from 2017, the largest single category, accounting for nearly 9,700 was “improper usage”—which the report defines as an “incident resulting from violation of an organization’s acceptable usage policies by an authorized user,” excluding certain activities. That was up from about 7,900 in 2017.
Loss or theft of a device or media used by the organization accounted for another 2,600, down from 4,400.
Email/phishing attacks were the second-most common type of identified incident, about 6,900, down about 400, although attacks of unknown origin accounted for about 8,300, down from about 10,500. Web-based attacks accounted for almost all the rest.
It said that in 2018 there was no “major incident,” defined as one that is “likely to result in demonstrable harm to the national security interests, foreign relations, or the economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.”
The report also summarizes the status of initiatives including increasing cybersecurity threat awareness; identity, credentialing and access management; continuous diagnostics; security standards for email and websites; protecting “high-value” assets; and reducing agency use of personally identifying information such as Social Security numbers.