Federal Cybersecurity Second Only to Finance Industry, New Report Says


Despite the OPM hack, federal cybersecurity isn't so bad -- especially compared to the education industry.

Relative to other industries, the federal government is pretty well protected against cyberattacks, a new report claims. 

Out of six industries, finance is most prepared to fend off cyberthreats, but the federal government isn't far behind, according to Cambridge, Massachusetts-based security assessment firm BitSight Technologies.

The federal government is "currently in the spotlight in the wake of the Office of Personnel Management mega breach," but BitSight, which examined 119 government entities, including those in health care, education and defense, among others, concluded agencies are "performing well as a sector" in "defending, detecting and recovering from network threats."

But the report noted the federal government was the second worst at protecting its networks from vulnerabilities in SSL -- a protocol designed to protect communication over a network. A little more than 7 percent of agencies were still vulnerable to the Heartbleed bug, a flaw in the OpenSSL cryptographic library. The majority of federal systems weren't protected against two other SSL bugs called FREAK and POODLE, with 50.4 percent and 79 percent of agencies still vulnerable, respectively.

Education was the worst at protecting networks -- 23.2 percent of education organizations were running systems vulnerable to Heartbleed, and 75.6 percent and 90.7 percent to FREAK and POODLE, respectively. Finance was, again, the best -- with 2.6 percent of financial organizations still vulnerable to Heartbleed, and 30.4 percent and 69 percent to FREAK and POODLE respectively. 

"Given the widespread publicity surrounding some of these vulnerabilities, it is surprising that companies have servers running outdated and vulnerable versions of OpenSSL," the report said. 

BitSight gave firms in each industry a security rating on a 250-to-900-point scale; companies in the financial industry scored an average of 716, compared to 712 last year. Agencies in the federal government scored 688 and 684 this year and last year, respectively.

The education industry trailed behind the retail, energy and utilities, and health care industries with a score of 554, compared to 551 last year. BitSight examined 9,708 companies and organizations in total, between August 2014 and August 2015.
