Critical Read

Federal cybersecurity: Not as bad as you might think

Third Annual BitSight Insights Industry Benchmark Report (September 2015).

What: The third annual edition of “Insights Industry Benchmark Report” from BitSight Technologies, which analyzed security ratings of nearly 10,000 organizations in six sectors: finance, federal government, retail, energy and utilities, health care and education.

Why: While federal cybersecurity practices have been raked over the coals recently, BitSight gave the government the second-highest overall performance rating among the six sectors it examined, trailing only finance.

Since the breach at the Office of Personnel Management, legislators, analysts and others have demanded that Washington get its cyber defenses in working order. A report by the Institute for Critical Infrastructure Technology said the federal government was “ill-equipped,” with “abysmal security practices” and “antiquated cyber security infrastructure.” According to the BitSight report’s findings, however, “many agencies are performing well as a sector in defending, detecting and recovering from network threats,” and improved over the past year.

BitSight Security Ratings range from 250 to 900, with higher ratings equating to higher security performance. The federal government’s rating of 688 for the August 2014-August 2015 period was up four points over the previous year. The financial sector had the highest rating, at 716. Education came in last at 554.

In some categories, though, feds exhibited problems, ranking next to last when it came to protecting against major SSL vulnerabilities, although the report noted that “companies in every industry sector are vulnerable” to secure sockets layer attacks.

Verbatim: “The OPM breach, purportedly undertaken by Chinese hackers, compromised the records of 25.7 million records of current, former and prospective government employees and contractors. Since this time, there have been consistent calls from lawmakers and Washington pundits for the government to get its cyber house in order. Nevertheless, our analysis of 119 different government entities shows that many of these agencies are performing well as a sector when it comes to overall security performance.”

Full report: Download the report here.

About the Author

Aleida Fernandez is an FCW editorial fellow.
