The White House recently issued its annual cybersecurity progress report, finding that while federal agencies strengthened cybersecurity defenses in fiscal year 2016, “a significant amount of work remains to implement these controls.”
Grant Schneider, acting federal chief information security officer, wrote in a blog post announcing the report that federal agencies reported nearly 30,899 cybersecurity incidents to the Department of Homeland Security in fiscal 2016. Of those, just 16 were “major information security incidents” that required reporting information to Congress.
Most of those occurred within the Federal Deposit Insurance Corporation, and included employees taking personally identifiable information “in an unauthorized fashion.” In response, the FDIC implemented solutions that prevent employees from downloading information onto removable media.
The Treasury Department also reported two major incidents, one in January 2016 at the IRS, and one in September that involved an OCC employee downloading “a large volume of files” to removable media.
“Treasury has indicated that there is no evidence that the individual disclosed information, as the agency had previously encrypted the data,” according to the report.
Other incidents included one at the Department of Commerce in December 2015, when a power outage damaged equipment at the U.S. patent office; two at the Department of Housing and Urban Development involving personally identifiable information being made available to the public; and one in late 2016 at the Department of Health and Human Services that potentially compromised personally identifiable information. Because it happened so late in the year, the investigation and mitigation of that event will largely take place in 2017, according to the report.