The Federal government saw a 12 percent reduction in cybersecurity incidents in fiscal year 2018, and no “major” cybersecurity incidents for the year, according to the Office of Management and Budget’s annual report on the Federal Information Security Modernization Act (FISMA).
The report released on August 16 finds that Federal agencies experienced 31,107 cybersecurity incidents in FY2018, a reduction from the 35,277 incidents in FY2017. And it highlights the lack of any major cyber incidents – defined as incidents that could harm national security interests or public confidence, among other factors – during FY2018.
Despite the improved numbers on cyber incidents, OMB said, “The Federal government must continue to act to reduce the impact that cybersecurity incidents have on the Federal enterprise.”
OMB also reported progress on two major Federal security programs administered by the Department of Homeland Security:
- All 23 CFO Act agencies, and most smaller agencies, have implemented all of the protections of the EINSTEIN program that provides IP gateway security; and
- All CFO Act agencies report data in near real-time to agency dashboards under the Continuous Diagnostics and Mitigation (CDM) program, and have successfully conducted data exchanges between agency dashboards and the Federal-level CDM dashboard.
One area for improvement in Federal cybersecurity could be privacy protections – only 67 percent of CFO Act agencies and 54 percent of non-CFO Act agencies have established an agency-wide privacy continuous monitoring program, OMB said. Similarly, only 71 percent of CFO Act agencies and 51 percent of smaller agencies conducted role-based privacy training before authorizing access, it said.
OMB said the FY2018 report showed “encouraging” progress, and highlighted other ongoing efforts including development of a new Trusted Internet Connections policy, implementing the Cyber Threat Framework, and OMB’s new Identity, Credential, and Access Management policy.