Feds saw more cyberattacks but better detection last year, FISMA report says

Matt Anderson Photography/Getty Images

11 major incidents were reported by agencies in FY2023.

Federal agencies saw a nearly 10% increase in cyberattacks targeting their systems last year, but they’ve also been able to augment their detection and categorization of the digital incursions, according to a report issued to Congress last week.

The fiscal year 2023 readout from the Office of Management and Budget, which oversees the Federal Information Security Modernization Act, says federal agencies reported 32,211 cyber incidents to the Cybersecurity and Infrastructure Security Agency, versus 29,319 incidents in the prior year period.

The most notable rise was observed in attrition attacks — brute force methods aimed at compromising systems — which surged from 197 incidents in FY22 to 1,147 in FY23. Email phishing attacks also saw a major increase, more than doubling from 3,011 to 6,198 incidents, reflecting an already observed prevalence of deceptive tactics that can help hackers infiltrate government networks. 

The observed increase in attacks is partly linked to agencies’ improvements in detection capabilities, which involved “additional automation and training, and changes in event and incident tracking methodologies,” the FISMA paper said.

But 30 additional incidents in 2023 were rated as “Medium” risk, defined by CISA’s National Cyber Incident Scoring System as those that “may affect public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence,” says the report.

Eleven of those cyberattacks were categorized as “major” incidents, as defined by a December 2023 federal information security memorandum. The Departments of Health and Human Services, Treasury and Justice were among the agencies falling under that category, facing attacks that compromised personal data-containing records and certain administrative systems that managed funding.

Civilian agencies have faced myriad cyber threats over the past year. They could be in line for a 10% increase in cybersecurity funds under the White House’s 2025 budget request, though the final number may change as Congress reconciles budget talks in the coming months.