Federal agencies have made significant cybersecurity gains
Improving cybersecurity has been and remains a key priority for agencies throughout the federal government. As countless recent incidents have demonstrated, though, current efforts are not sufficient and many departments' sensitive data and other assets remain vulnerable to determined, skilled hackers and cybercriminals.
Fortunately, there are significant signs of progress in this area, as Performance.gov's recent fourth quarter update revealed. Federal News Radio noted that this update found most agencies have demonstrated gains toward meeting the Obama administration's Cross-Agency Priority Goals in the realm of cybersecurity. However, there is still a great deal of room for improvement.
The source noted that the CAP goals were created as part of the 2015 budget, developed last spring. These goals are based on a four-year timeline and address a number of key areas. In terms of cybersecurity, the CAP goal is to "[i]mprove cybersecurity performance through ongoing awareness of information security, vulnerabilities, and threats impacting the operating information environment, ensuring that only authorized users have access to resources and information; and the implementation of technologies and processes that reduce the risk of malware."
In particular, the CAP cybersecurity goals stressed the importance of agencies improving their information security monitoring, identity and access management capabilities and anti-phishing/anti-malware efforts.
The report found that in the fourth quarter of this year, monitoring capabilities expanded to 92.3 percent of the CAP targets, up from 88.3 percent the previous quarter. Authentication abilities increased in this period, from 64.6 percent to 72 percent. Anti-phishing and anti-malware efforts also improved, but by a very small margin. In total, agencies' Cyber CAP Progress reached 89.4 percent, up from 85.5 percent in the third quarter of this year.
Room for improvement
Obviously, this represents significant progress. However, the report emphasized that agencies still have a ways to go before they actually reach the CAP goals for cybersecurity. Of the 15 target areas, the agencies as a whole have reached their target benchmarks in only one – anti-phishing and anti-malware defenses. Certain agencies have met their goals in specific areas, though.
This reinforces the notion that while agency IT departments are making strides in the realm of cybersecurity, progress is not happening quickly enough. After all, it is not just the agencies themselves that are developing superior strategies and technologies – the same is also true of the hackers and cyberattackers eager to access sensitive government information. To remain one step ahead of these threats, federal agencies need to ramp up their cybersecurity efforts.
Unfortunately, the reality of the situation is that many agencies lack the in-house talent and resources to execute such efforts themselves. However, this does not mean that agencies are doomed to experience data breaches and other security incidents. Instead, government organizations should look to third-party cybersecurity consulting firms for guidance and assistance in this area. By seeking out such firms' expertise and resources, federal agencies can make much greater progress toward revamping and cementing their cybersecurity capabilities.