By Frank Konkel // April 24, 2015
The cyberbullies of the world like to beat up on the U.S. government.
The Office of Management and Budget’s annual Federal Information Security Management Act report to Congress revealed that agencies reported nearly 70,000 cyberincidents in fiscal 2014, a 15 percent bump up from the previous year. My colleagues at Nextgov did an excellent job visually explaining the vast array of cyberthreats agencies face today, but what’s particularly troubling is that many of the cyber-beatings the government takes are preventable.
The FISMA report states that U.S. Computer Emergency Readiness Team incident reports “indicate that in FY 2013, 65 percent of federal civilian cybersecurity incidents were related to or could have been prevented by strong authentication implementation. This figure decreased 13 percent in FY 2014 to 52 percent of cyberincidents reported to US-CERT.”
Before we go further, here is the FISMA report’s definition of strong authentication:
The use of an “identification authentication technology to ensure that access to federal systems and resources is limited to users who require it as part of their job function. Strong authentication requires multiple factors to securely authenticate a user: (1) something the user has, such as a PIV card ...