Tech

Government second only to finance sector in cybersecurity – report

Federal cybersecurity is in better shape than recent high profile breaches might suggest, says a new report by security risk assessment company BitSight Technologies.

By Grayson Ullman

September 25, 2015

Federal cybersecurity is in better shape than recent high-profile breaches might suggest, says a new report by security risk assessment company BitSight Technologies.

In its third annual “Insights Industry Benchmark Report,” BitSight ranks government cybersecurity second in security out of six major sectors, with a composite score of 688 on a 900 point scale. Only the finance sector scored higher, achieving a score of 716.

The high score comes in spite of a slew of allegations that the government is not doing enough to safeguard information, particularly in light of April’s massive Office of Personnel Management breach. A report by the Institute for Critical Infrastructure Technology alleged that “ill-equipped personnel, antiquated cyber security infrastructure, and abysmal security practices” were a major problem at Office of Personnel Management and numerous other agencies.

BitSight assess sectors on a basis of resistance to major security threats, including malware like POODLE, FREAK and Heartbleed. According to BitSight, such SSL vulnerabilities “can provide attackers with the ability to perform man in the middle attacks and extract sensitive information or gain private keys.” Although the government still showed some vulnerability to these tactics, the report stated that “many agencies are performing well as a sector in defending, detecting and recovering from network threats.”

The federal government’s 2015 score marks a four-point improvement over last year’s and puts it narrowly ahead of industries like retail and utilities, which scored 684 and 652 respectively. The government scored significantly higher than the health care education sector, which indexed at only 554.

The federal industry grouping includes 119 government entities spanning from defense to diplomacy and budget. To further increase their scores, the report stipulates that agencies must strive to establish best practices and stop “lowest bidder” contracting, which led to the hacks of USIS and Keypoint, yielding sensitive information to overseas hackers.

Government second only to finance sector in cybersecurity – report

More Like This

DOJ ‘not aware of any’ identity theft, fraud following consultant’s data breach

CISA emergency directive tells agencies to fix credentials after Microsoft breach

With 2023 tax season in the rearview, IRS commissioner eyes expansion of AI capabilities

Top Stories

CMS’s financial office is using LLM pilot to combat loss of institutional knowledge

Top public sector takeaways from Google Cloud Next 2024

Commerce requests information about AI, open data assets, data dissemination

Commerce adds five members to AI Safety Institute leadership

Kiran Ahuja to step down as OPM director

ICE pursuing privacy approvals related to controversial phone location data

More Scoops

Continuous monitoring of critical infrastructure absent from cyber executive order

Cloud, AI skills top list of talent needs for federal government CIOs, report finds

Why government is slow to endorse frameworks for quantifying cybersecurity risk

OPM gives agencies August deadline to report cybersecurity jobs needs

CDM — a pilot for a central IT modernization fund?

Rudy Giuliani to advise Trump on cybersecurity

Meet the man responsible for teaching some of the NSA’s best young hackers

Latest Podcasts

Government second only to finance sector in cybersecurity – report

ManTech leaders discuss innovation and security with Google technologies

Google’s Chris Hein on how AI is changing how citizens relate to government

OPM’s tech-friendly director steps down

Tech

Defense

Cyber

Acquisition