Critical Read

Federal cybersecurity: Not as bad as you might think

Third Annual BitSight Insights Industry Benchmark Report (September 2015).

What: The third annual edition of “Insights Industry Benchmark Report” from BitSight Technologies, which analyzed security ratings of nearly 10,000 organizations in six sectors: finance, federal government, retail, energy and utilities, health care and education.

Why: While federal cybersecurity practices have been raked over the coals recently, BitSight awarded the government the second-highest overall performance rating among the half dozen sectors it examined, trailing only finance.

Since the breach at the Office of Personnel Management, legislators, analysts and others have demanded that Washington get its cyber defenses in working order. A report by the Institute for Critical Infrastructure Technology said the federal government was “ill-equipped,” with “abysmal security practices” and “antiquated cyber security infrastructure.” According to the BitSight report’s findings, however, “many agencies are performing well as a sector in defending, detecting and recovering from network threats,” and improved over the past year.

BitSight Security Ratings range from 250 to 900, with higher ratings equating to higher security performance. At 688, the federal government’s rating for the August 2014-August 2015 period was up four points over the previous year. The financial sector had the highest rating, at 716. Education came in last at 554.

In some categories, though, feds exhibited problems, ranking next to last when it came to protecting against major SSL vulnerabilities, although the report noted that “companies in every industry sector are vulnerable” to secure sockets layer attacks.

Verbatim: “The OPM breach, purportedly undertaken by Chinese hackers, compromised the records of 25.7 million records of current, former and prospective government employees and contractors. Since this time, there have been consistent calls from lawmakers and Washington pundits for the government to get its cyber house in order. Nevertheless, our analysis of 119 different government entities shows that many of these agencies are performing well as a sector when it comes to overall security performance.”

Full report: Download the report here.

About the Author

Aleida Fernandez is an FCW editorial fellow.
