Technology
baranozdemir/Getty Images
For the second year in a row, information security incidents in government agencies increased by more than 40 percent in fiscal year 2013, according to an annual report on how government agencies handle security. A security incident includes situations like a stolen laptop, a computer virus download or the mishandling of paper records.
Since 2010, the number of reported security incidents has more than doubled. While total reported incidents increased 43 percent, from about 153,000 in fiscal year 2012 to nearly 219,000 in 2013, compliance with government security standards also increased, from 73 percent to 81 percent, signaling improvements in the presence of security measures despite more chances for private information to leak.
The Department of Veterans Affairs (VA) reported the most security incidents, at 11,368, and the National Science Foundation reported the fewest, with 46. However, this doesn’t necessarily mean the VA is the least secure, since larger agencies have more chances of having security breaches. The VA, with over 320,000 employees, is the second largest federal department, smaller only than the Department of Defense, and serves approximately 70 million people.
The Federal Information Security Management Act (FISMA) details government standards for security. In 2013 compliance scores were determined by 99 criteria, ranging from being able to detect and block unauthorized software to security training.
| Government agency | No. of security incidents in 2013 | % compliance 2010–2013 |
|---|---|---|
| Department of Veterans Affairs | 11,368 | 57% 57, 52.8, 81, 81 81% |
| Department of Health and Human Services | 8,226 | 65% 64.7, 50.9, 50, 43 43% |
| National Aeronautics and Space Administration | 6,967 | 61% 60.8, 92.9, 92, 91 91% |
| Social Security Administration | 4,964 | 100% 100, 96.9, 98, 96 96% |
| Department of Justice | 4,582 | 86% 85.8, 91.2, 94, 98 98% |
| Department of Defense | 3,894 | N/A |
| Department of Treasury | 2,962 | 86% 86.4, 79.4, 76, 76 76% |
| Department of Homeland Security | 2,924 | 93% 92.5, 93.4, 99, 99 99% |
| Department of Commerce | 2,328 | 78% 77.9, 81.4, 61, 87 87% |
| Department of Transportation | 2,115 | 30% 29.8, 44.2, 53, 61 61% |
| Department of Agriculture | 1,796 | 14% 13.7, 32.5, 34, 37 37% |
| Department of State | 1,391 | 79% 79.4, 63.2, 53, 51 51% |
| Department of Energy | 1,158 | 85% 84.6, 84.3, 72, 75 75% |
| Department of Interior | 865 | 25% 24.6, 42.2, 92, 79 79% |
| Department of Housing and Urban Development | 540 | 87% 87.3, 66.1, 66, 29 29% |
| Department of Education | 465 | 72% 71.9, 57.5, 79, 89 89% |
| General Services Administration | 397 | 88% 87.6, 84.2, 99, 98 98% |
| Office of Personnel Management | 265 | 58% 57.8, 78.6, 77, 83 83% |
| US Agency for International Development | 208 | 90% 90.4, 53.8, 66, 83 83% |
| Department of Labor | 206 | 45% 44.5, 71.6, 82, 76 76% |
| Environmental Protection Agency | 191 | 99% 99.2, 94.9, 77, 77 77% |
| Nuclear Regulatory Commission | 179 | 97% 96.7, 94.8, 99, 98 98% |
| Small Business Administration | 97 | 50% 50.3, 68.7, 57, 55 55% |
| National Science Foundation | 46 | 99% 98.9, 98.8, 90, 88 88% |
| Overall | 58,134 | 71% 71.4, 72.8, 76, 76 76% |
“As with the private sector, cybersecurity is a continual, iterative process for the government,” said Office of Management and Budget representative Jamal Brown in an email to Al Jazeera. “The entirety of the report is an important opportunity each year for the government to assess its cybersecurity efforts.”
Correction: An earlier version of this article mislabeled the second table as compliance with FISMA guidelines. The third column is based on guidelines from the Inspector Generals of each agency.
Error
Sorry, your comment was not saved due to a technical problem. Please try again later or using a different browser.