Agency cybersecurity incidents grew by almost 10% last year

OMB's latest FISMA report to Congress shows an increase from more than 29,000 cybersecurity incidents in 2022 to 32,000 in 2023.

  • The number of cybersecurity incidents in 2023 grew by almost 10%. Agencies reported more than 32,000 cyber incidents to the Cybersecurity and Infrastructure Security Agency in fiscal 2023. The latest Federal Information Security Modernization Act (FISMA) report to Congress from the Office of Management and Budget showed an increase from more than 29,000 cyber incidents the year before. Of those 32,000 incidents, 38%, or more than 12,000, were due to improper usage, which means someone violated an agency's acceptable use policy. The second biggest attack vector, once again, was email phishing, which saw more than a 50% increase in 2023 as compared to 2022. The good news, OMB said, is 99% of all incidents in 2023 were considered "unsubstantiated or inconsequential event[s]."
  • Federal office space remains a top priority for the General Services Administration to address. GSA has started taking steps to address the challenge of federal office holdings. But the Government Accountability Office said GSA needs to make a full plan of action to help agencies fix their underutilization of office space. Managing office space post-pandemic has been on GAO’s list of the top priorities for GSA to address since 2022. GAO said its recommendations could help agencies make better post-pandemic decisions for potential changes to their real estate holdings.
  • The House Armed Services Committee’s bipartisan proposal to require the Defense Department to study the establishment of a cyber force is bringing back a long-running debate over the U.S. Cyber Command’s organizational challenges. The measure in the House Armed Services Committee’s version of the 2025 defense policy bill seeks an independent study of establishing a separate armed force dedicated to cyber. If passed, the measure would require the Defense Department to enter into an agreement with the National Academy of Sciences to conduct the evaluation. The provision has a “prohibition against interference,” which prohibits the Defense Department’s personnel from interfering or exerting influence to alter the findings of the National Academy of Sciences. If passed, the Academy will have nine months to complete the study.
  • A new playbook will help agencies set up neurodiversity programs. The "Neurodiversity@Work Playbook Federal Edition" includes best practices and addresses key questions for agencies. The playbook was released in May by the University of Washington, MITRE and D.C.-based nonprofit Melwood. Its authors say the playbook can help agencies be more inclusive for people with autism and other neurodivergent conditions. It builds on pilot programs started by the National Geospatial-Intelligence Agency and the Cybersecurity and Infrastructure Security Agency.
  • New legislation in the House would prohibit the Department of Homeland Security from buying batteries made by six Chinese companies. Sponsors of the bill said it will help decouple the U.S. supply chain from a geopolitical adversary. The ban would go into effect on October 1, 2027. China produces about 80% of the world’s batteries, including about 70% of all lithium-ion batteries. The new legislation would give the secretary of homeland security the power to waive the prohibition if there are no viable alternatives.
  • The government’s inventory of federal retirement claims is at its lowest level in eight years. The Office of Personnel Management currently has about 14,000 pending claims from retiring feds. That is the lowest number that OPM has seen since May 2016. But it is still about 1,000 claims above OPM’s goal of having 13,000 claims in its hands at any given time. OPM also received slightly fewer new retirement claims during May than it did in April.
  • The Pentagon has a new series of “overlays” meant to help Defense components adopt zero trust approaches to cybersecurity. A new document published last week laid out how existing security controls (the National Institute of Standards and Technology 800-53 series that DoD components already use) map onto the “pillars” DoD defined in its zero trust strategy last year. Defense officials said it is likely that most system owners have already implemented most of those controls, but the new overlays will help them identify the gaps between their current posture and zero trust.
    (DoD Zero Trust Overlay - Department of Defense)
  • U.S. Cyber Command is standing up a new program executive office to support its Joint Cyber Warfighting Architecture (JCWA). The command launched the effort five years ago to consolidate disparate systems across the military services into one single platform. The JCWA currently encompasses six programs of record across the military services. This year, the command is working to get more acquisition authority over program management shops within the services. CYBERCOM also wants to reduce redundancy, including reducing the number of software factories that are delivering capabilities for the JCWA.
  • The Energy Department has given agencies another tool to get federal buildings to reach net zero emissions by 2045. DoE recently published the National Definition of a Zero Emissions Building, which will become the standard for federal leases beginning in 2030. Through the new standards, agencies have criteria to determine that a building generates zero emissions from energy use in building operations. The new definition follows several other policy and standards efforts by DoE to meet the Biden administration's federal sustainability plan. In late April, the Energy Department also finalized a rule requiring agencies to phase out fossil-fuel usage in new federal building construction or major renovation by 2030.

 

Copyright © 2024 Federal News Network. All rights reserved.