Federal Manager's Daily Report

Incidents ranged from web, email and phishing attacks to loss or theft of equipment to violations of use policies by authorized users.

GAO has called new attention to numerous reports it has issued on vulnerability of agencies to cyber attacks, saying that of the more than 3,000 recommendations it has made on that issue in those reports, a fifth still have not been implemented.

“While federal agencies have gotten better at preventing and detecting intrusions into their systems, they are still vulnerable to attacks such as unauthorized computer invasions. In FY 2017, for instance, federal agencies reported more than 35,000 cybersecurity incidents,” it said in a blog.

Such incidents ranged from web, email and phishing attacks to loss or theft of equipment to violations of use policies by authorized users, GAO said. Given the sensitive nature of the information that agencies keep, there is “a serious threat to our economic, national, and personal privacy and security,” it said.

GAO noted that among its recent recommendations are that OMB and DHS “help agencies improve their intrusion detection and prevention capabilities by, among other things, identifying what obstacles and impediments affect their ability to detect and prevent intrusions.”

“We also have plans to further assess the adequacy and effectiveness of federal agencies’ information security programs,” GAO added.