The total number of incidents the government experienced last year dropped 12% from 2017, according to the Office of Management and Budget.
Federal agencies didn’t experience a single “major” cybersecurity incident in 2018, marking the first time in three years the government avoided such a severe digital incursion, according to a recent White House report.
Not one of the more than 31,000 cybersecurity incidents that agencies faced last year reached the “major incident” threshold, which is defined as an event that affects more than 100,000 individuals or otherwise causes “demonstrable harm” to the U.S., according to the Office of Management and Budget. The government fell victim to five major incidents in 2017 and 16 in 2016.
Overall, the total number of cyber events the government experienced dropped 12% from 2017, OMB officials told Congress in their annual report on the Federal Information Security Management Act.
While OMB called this downward trend “encouraging,” they warned that agencies shouldn’t let down their guard. Phishing and other email-based attacks remain a popular strategy for online bad actors, and the government is still struggling to attribute and label the thousands of attacks every year, officials said.
The government devoted nearly $15 billion to unclassified cybersecurity efforts last year, with the Pentagon and Homeland Security Department accounting for roughly two-thirds of the spend, the report said. However, OMB noted that figure doesn’t capture the government’s investment in broader digital security efforts—like Homeland Security’s Continuous Diagnostics and Mitigation program—or cyber research and standards development.
Officials said they were working to develop new reporting structures that would help agencies better understand how the money they spend on digital security directly impacts their cyber posture. The Homeland Security Department is also investing in efforts to better measure the marginal impact of cyber spending.
In the report, OMB also said that 70 federal agencies, including all civilian CFO Act agencies, had implemented the full suite of capabilities provided under the National Cybersecurity Protection System. The tools, known collectively as Einstein, monitor the traffic flowing between agency networks and the general internet to detect potential intruders and other cyber threats.
According to OMB, all 23 civilian CFO Act agencies currently report real-time data to their agency dashboards under the CDM program. The CDM program office also expanded the security tools available to participating agencies and linked data from CFO agencies to the federal dashboard operated by Homeland Security’s National Cybersecurity and Communications Integration Center, officials said.
Still, the news wasn’t all rosy. According to the report, security assessments of agencies’ “high value” IT assets uncovered hundreds of security gaps and system architecture weaknesses, showing the government “continues to face challenges mitigating basic security vulnerabilities.” Indeed, numerous investigations by lawmakers and other watchdogs have repeatedly reached the same conclusion.