No agencies hit by WannaCry so far

It's been nearly two years since the govermentwide cybersprint following the massive Office of Personnel Management data breaches. Yet acting federal CIO Margie Graves said on May 17 that those efforts are still paying dividends.

The latest example, Graves said, is the WannaCry ransomware attack. While the malware, which relies in part on software exploits, hit computers in more than 150 countries of the past few days, federal systems seem to have emerged unscathed.

"To date, I have not heard of a federal government victim of this particular incident," she said to audience applause at FedScoop's Public Sector Innovation Summit.

"We picked the things in the cyber sprint for a reason," Graves told reporters after her speech, "because they were primary threat vectors, and because we knew we needed to fix them."

Particularly important for a threat like WannaCry, she said, was ensuring that agencies could "truly scan" their network environments and report back on vulnerabilities almost immediately. If more organizations did the same, she said, the latest RansomWare attack might have found far fewer vulnerable systems.

Federal systems remain far from impervious, Graves said, "because there are always zero day attacks," but she said it was gratifying to see the hard work of two years ago "starting to show results." 

In her public remarks, Graves said the government was probably due for another sprint -- though perhaps not quite so speedy as the 2015 exercise. "I wouldn't wish that on anybody," she said "trying to do all that in 30 days."