
Federal Cybersecurity Misses Targets in Annual Report


More government programs violated data security law standards in 2012 than in the previous year, the White House has informed Congress.

At the same time, computer security costs have increased by more than $1 billion, according to the executive branch’s yearly report on compliance with the 2002 Federal Information Security Management Act.

Inadequate training was a large part of the reason all-around FISMA adherence scores slipped from 75 percent in 2011 to 74 percent in 2012. 

Agencies reported that about 88 percent of personnel with system access privileges received annual security awareness instruction, down from 99 percent in 2011. Meanwhile, personnel expenses accounted for the vast majority -- 90 percent -- of the $14.6 billion departments spent on information technology security in 2012. Agencies spent $1.3 billion less on IT security in 2011. 

Other factors that led to lower FISMA marks in 2012: the major departments are not using smartcards to restrict network access and are not automatically configuring system settings. About 57 percent of user accounts require tokens to log on, down from 66 percent in 2011. A decrease in smartcard usage at the Pentagon and significantly lower usage at the Agriculture Department contributed to the decline.

The Defense Department also fell behind in automatically applying security configuration settings, dropping from 95 percent compliance in fiscal 2011 to 53 percent due to different reporting criteria this year.  

Defense, along with the Homeland Security and Treasury departments, spent the most money on IT security, with expenditures totaling $12 billion, $615.5 million and $404 million respectively. Those figures include the cost of cybersecurity specialists, tools, testing and training. 

The Obama administration’s report, which was released publicly this week, also stated that agencies reported experiencing about 49,000 computer security incidents during 2012. In 2011, Homeland Security, which oversees federal-level network protections, received 43,889 incident reports. 

At major departments, most episodes were the result of lost or stolen equipment and data, not unauthorized access. The missing hardware included laptops, mobile devices and smartcards.

The White House report singled out work by DHS to raise the cybersecurity bar.  The department, for example, is buying sensors, consulting services and risk-analysis displays for agencies that have not instituted “continuous monitoring” -- or live tracking of security protections.

Sen. Tom Carper, D-Del., chairman of the Senate Homeland Security and Governmental Affairs Committee and backer of FISMA reforms, applauded DHS’ reported progress.

“I am encouraged to learn about the Department of Homeland Security’s outstanding implementation and maintenance of its information security programs in this report,” he stated. “I commend DHS, the Office of Management and Budget, the National Institute of Standards and Technology, the National Security Council, and others for their ongoing efforts to help struggling federal agencies improve their information security management. While a number of agencies are clearly on the right path, more steps need to be taken to enhance the overall federal government’s information security management.”

Carper will continue to monitor the deficiencies raised in the report and work with congressional colleagues and the administration to make sure those problems are properly addressed, a committee aide told Nextgov.
