Federal cybersecurity: Not as bad as you might think

Despite a spate of major breaches, turns out the federal government has relatively good cybersecurity, at least according to a new study from BitSight Technologies.

Third Annual BitSight Insights Industry Benchmark Report (September 2015).

What: The third annual edition of “Insights Industry Benchmark Report” from BitSight Technologies, which analyzed security ratings of nearly 10,000 organizations in six sectors: finance, federal government, retail, energy and utilities, health care and education.

Why: While federal cybersecurity practices have been raked over the coals recently, BitSight awarded the government the second-highest overall performance rating among the half dozen sectors it examined, trailing only finance.

Since the breach at the Office of Personnel Management, legislators, analysts and others have demanded that Washington get its cyber defenses in working order. A report by the Institute for Critical Infrastructure Technology said the federal government was “ill-equipped,” with “abysmal security practices” and “antiquated cyber security infrastructure.” According to the BitSight report’s findings, however, “many agencies are performing well as a sector in defending, detecting and recovering from network threats,” and improved over the past year.

BitSight Security Ratings range from 250 to 900, with higher ratings equating to higher security performance. At 688, the federal government’s rating for the August 2014-August 2015 period was up four points over the previous year. The financial sector had the highest rating, at 716. Education came in last at 554.

In some categories, though, feds exhibited problems, ranking next to last when it came to protecting against major SSL vulnerabilities, although the report noted that “companies in every industry sector are vulnerable” to secure sockets layer attacks.

Verbatim: “The OPM breach, purportedly undertaken by Chinese hackers, compromised the records of 25.7 million records of current, former and prospective government employees and contractors. Since this time, there have been consistent calls from lawmakers and Washington pundits for the government to get its cyber house in order. Nevertheless, our analysis of 119 different government entities shows that many of these agencies are performing well as a sector when it comes to overall security performance.”

Full report: Download the report here.