Federal agencies got better at fending off cyberattacks and improving their overall cybersecurity posture last year, according to the Fiscal Year 2019 Federal Information Security Modernization Act (FISMA) Annual Report to Congress.
The report details an eight percent drop in Federal cyber incidents – despite an increase in the number of attempted cyberattacks – as agencies improved their cybersecurity efforts. The number of agencies judged to be successfully managing risk – meaning that they’ve instituted required cyber policies and tools – jumped from 62 in FY 2018 to 72 in FY 2019.
“This FISMA report reflects improvements in areas of focus under the President’s Management Agenda and Federal Agency elements of the National Cybersecurity Strategy,” Federal CIO Suzette Kent said in a May 27 Office of Management and Budget (OMB) press release. “It shows agencies are making significant progress in managing risk and also highlights that focused efforts to secure government mobile devices have been especially important in today’s expanded telework environment.”
In FY 2019, agencies faced 28,581 cybersecurity incidents, including three that the report qualified as “major incidents.” The major incidents included two incidents of sharing disaster victims’ personally identifiable information at the Federal Emergency Management Agency, and a ransomware attack at a Customs and Border Patrol contractor.
Improper usage – the violation of an organization’s acceptable use policies by an authorized user – appears to be the leading source of cyber incidents in FY 2019, with a total of 12,507 cases.
Going forward, OMB said it aims to continue improving cybersecurity with a focus on digital identity, protecting high value assets, and expanding the Federal Acquisition Supply Chain Council.