*** The White House released its cybersecurity scorecard for the entire government as required under the Federal Information Security Modernization Act of 2014. There were 31,107 "cybersecurity incidents" in FY2018 according to the report, which collates and analyzes FISMA self-reporting by federal agencies, but no single episode met at threshold for a "major" incident. The total number of incidents was down 12% from FY2017. Overall, the federal government spent about $15 billion on cybersecurity, with more than half going to the Department of Defense. The report also showed that the federal government fields 4,337 systems that require a privacy impact assessment.
*** Tech officials at the Environmental Protection Agency put government data at risk by entrusting in to a cloud system without confirming the vendor's FedRAMP status, according to a new oversight report. The EPA's Office of Inspector General also found that tech officials fielded a cloud-based customer relationship management tool called Enterprise Customer Service Solution without capturing its cost and importance using approved capital planning processes and that oversight of the ECSS system lapsed as a result of not accounting for system ownership in a 2016 reorganization.
Posted on Aug 20, 2019 at 2:23 AM