Critical Read

Federal cybersecurity: Not as bad as you might think

Third Annual BitSight Insights Industry Benchmark Report (September 2015).

What: The third annual edition of “Insights Industry Benchmark Report” from BitSight Technologies, which analyzed security ratings of nearly 10,000 organizations in six sectors: finance, federal government, retail, energy and utilities, health care and education.

Why: While federal cybersecurity practices have been raked over the coals recently, BitSight gave the government the second-highest overall performance rating among the six sectors it examined, trailing only finance.

Since the breach at the Office of Personnel Management, legislators, analysts and others have demanded that Washington get its cyber defenses in working order. A report by the Institute for Critical Infrastructure Technology said the federal government was “ill-equipped,” with “abysmal security practices” and “antiquated cyber security infrastructure.” According to the BitSight report’s findings, however, “many agencies are performing well as a sector in defending, detecting and recovering from network threats,” and improved over the past year.

BitSight Security Ratings range from 250 to 900, with higher ratings equating to higher security performance. At 688, the federal government’s rating for the August 2014-August 2015 period was up four points over the previous year. The financial sector had the highest rating, at 716. Education came in last at 554.

In some categories, though, feds exhibited problems: they ranked next to last in protecting against major SSL vulnerabilities, although the report noted that “companies in every industry sector are vulnerable” to Secure Sockets Layer attacks.

Verbatim: “The OPM breach, purportedly undertaken by Chinese hackers, compromised the records of 25.7 million records of current, former and prospective government employees and contractors. Since this time, there have been consistent calls from lawmakers and Washington pundits for the government to get its cyber house in order. Nevertheless, our analysis of 119 different government entities shows that many of these agencies are performing well as a sector when it comes to overall security performance.”

Full report: Download the report here.

About the Author

Aleida Fernandez is an FCW editorial fellow.
