Information security incidents by agency

The Office of Management and Budget's latest report to Congress on the Federal Information Security Management Act offers a wealth of data on the state of federal information security -- including agency-by-agency breakdowns of incidents reported to the Department of Homeland Security's U.S. Computer Emergency Readiness Team.

Among 24 major agencies, the Department of Veterans Affairs reported the most incidents in fiscal 2013 with 11,368, while the National Science Foundation logged the fewest at 46. Agency totals, as well as breakdowns for VA and NSF, are detailed below.

Incidents by agency

Information security incidents reported to US-CERT in fiscal 2013.

Incidents by type

Department of Veterans Affairs

National Science Foundation

Department of Veterans Affairs Types of Incidents National Science Foundation
2161 Equipment 1
2505 Policy Violation 3
4806 Non Cyber & Other 8
152 Suspicious Activity 27
55 Unauthorized Access &
Improper Usage
3 Denial of Service (DoS) 0
1599 Malicious Code 4
87 Social Engineering & Phishing 2

SOURCE: GAO. Read the report.

About the Author

Jonathan Lutton is an FCW editorial fellow. Connect with him at

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Thu, May 29, 2014

Maybe VA has implemented better tools and processes in place to detect and report incidents than NSF. Maybe they are reporting false positives. Let's not have the manager's in IT start cooking "those" books. Or maybe NSF adjusts what qualifies as an incident. If you use the same tools, policies and processes you can compare but when everyone has their own approach to measuring, you can't compare apples to oranges.

Wed, May 28, 2014

Mr. Stat, I have doubts about your moniker. VA has closer to 350,000 employees and close to that many other associates that require badging and security. That 20 times as many employees as NSF.

Mon, May 12, 2014 Mr. Stat

It would help if these graphs were normalized by actual agency size. VA has 100,000+ employees and NSF 3,000? Its hard to tell if by population whether VA is % wise greater than other government agencies.

Mon, May 12, 2014 RayW

Unless you were to do a LOT more research on your own (even beyond the referenced report), you would think that the VA is by far one of the comedy shows from the 1930's and 1940's based on the graph in the article. What is left unsaid is how many people are involved, how many sites, how many devices, what is the nature of the device usage? Granted, the VA has some very bad press due to stupidity on the part of some stupid employees, but without the rest of the information it is like trying to determine wasteful lawn watering practices based only on supplementary water usage while not knowing the rainfall pattern, average humidity, soil conditions, and temperature of each area.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group