Snapshot

Information security incidents by agency

The Office of Management and Budget's latest report to Congress on the Federal Information Security Management Act offers a wealth of data on the state of federal information security -- including agency-by-agency breakdowns of incidents reported to the Department of Homeland Security's U.S. Computer Emergency Readiness Team.

Among 24 major agencies, the Department of Veterans Affairs reported the most incidents in fiscal 2013 with 11,368, while the National Science Foundation logged the fewest at 46. Agency totals, as well as breakdowns for VA and NSF, are detailed below.

Incidents by agency

Information security incidents reported to US-CERT in fiscal 2013.

Incidents by type

Department of Veterans Affairs

National Science Foundation

Department of Veterans Affairs Types of Incidents National Science Foundation
2161 Equipment 1
2505 Policy Violation 3
4806 Non Cyber & Other 8
152 Suspicious Activity 27
55 Unauthorized Access &
Improper Usage
1
3 Denial of Service (DoS) 0
1599 Malicious Code 4
87 Social Engineering & Phishing 2

SOURCE: GAO. Read the report.

About the Author

Jonathan Lutton is an FCW editorial fellow. Connect with him at jlutton@fcw.com

Reader comments

Thu, May 29, 2014

Maybe VA has implemented better tools and processes in place to detect and report incidents than NSF. Maybe they are reporting false positives. Let's not have the manager's in IT start cooking "those" books. Or maybe NSF adjusts what qualifies as an incident. If you use the same tools, policies and processes you can compare but when everyone has their own approach to measuring, you can't compare apples to oranges.

Wed, May 28, 2014

Mr. Stat, I have doubts about your moniker. VA has closer to 350,000 employees and close to that many other associates that require badging and security. That 20 times as many employees as NSF.

Mon, May 12, 2014 Mr. Stat

It would help if these graphs were normalized by actual agency size. VA has 100,000+ employees and NSF 3,000? Its hard to tell if by population whether VA is % wise greater than other government agencies.

Mon, May 12, 2014 RayW

Unless you were to do a LOT more research on your own (even beyond the referenced report), you would think that the VA is by far one of the comedy shows from the 1930's and 1940's based on the graph in the article. What is left unsaid is how many people are involved, how many sites, how many devices, what is the nature of the device usage? Granted, the VA has some very bad press due to stupidity on the part of some stupid employees, but without the rest of the information it is like trying to determine wasteful lawn watering practices based only on supplementary water usage while not knowing the rainfall pattern, average humidity, soil conditions, and temperature of each area.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above