recommended reading

4 Charts That Explain the State of Agency Cybersecurity after the OPM Hack


Following the massive breach of federal employee files precipitated by a series of cyberintrusions at the Office of Personnel Management, the Obama administration ordered agencies to immediately tighten network defenses during a 30-day “cybersecurity sprint.”

The results are now in. The White House posted details from the cyber review online last week.

Here are a few key takeaways with charts.

First, it’s clear agencies made great strides during the sprint. Across government, agencies increased their use of two-factor authentication.

Overall, the percentage of federal employees required to use a smart card in addition to a password to log on to federal computer networks increased from about 42 percent to more than 72 percent during the cyber sprint, according to new OMB statistics. That’s the single biggest quarterly increase since OMB began tracking the use of two-factor authentication in 2011 when the use of stronger sign-on techniques barely scraped 5 percent.

Still, some agencies made only limited progress during the latest cyber push and, somewhat inexplicably, some agencies’ use of two-factor authentication even backslid during the White House’s big cyber push.

The administration’s long-term goal has been to increase the use of two-factor to 75 percent for all users, including those with broad system privileges. After the month-long sprint, 14 agencies made the grade, including OPM and the Interior Department -- both caught up in the recent series of cyberintrusions .

At OPM, the percentage of computers required to use two-factor catapulted from 42 percent before the sprint to 97 percent afterward.

The chart below shows the five agencies with the highest percentage of employees using two-factor sign-ons after the cyber sprint.

Despite the high-profile cyber push by federal Chief Information Officer Tony Scott and the harsh political fallout of the OPM hack -- the agency’s director, Katherine Archuleta;resigned last month -- some agencies continue to lag behind when it comes to implementing stronger sign-ons.

At the agencies below, fell well below the administration’s two-factor targets. At the Energy Department, just 12 percent of users are required to sign on with using two-factor methods.

Somewhat inexplicably, some agencies actually backslid during the cyber sprint when it came to the percentage of employees using strong authentication techniques. Before the big push, for example, 32 percent of Energy employees used two-factor sign-ons. That dropped to 12 percent during the White House-mandated cyber review. The departments of Justice, Education and Defense also reported drops.

Still, some agencies reported massive leaps forward in implementing stronger sign-on measures. The Nuclear Regulatory Commission shot up by nearly 80 percent, for example. Transportation surged from just 32 percent two-factor coverage to 97 percent -- the second highest overall.

(Image via jijomathaidesigners/

By Caitlin Fairchild and Jack Moore August 4, 2015


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.