Federal agencies increased their use of authentication and made other changes to improve cybersecurity during the 30-day “sprint” to strengthen computer networks and protect data, said Federal Chief Information Officer Tony Scott.
“Agencies are reducing the number of privileged users and working with (the Department of Homeland Security) to scan their networks on an ongoing basis for known critical vulnerabilities,” Scott wrote in ablog post. “Additionally, agencies continue to train employees to recognize and report phishing attempts to introduce malware into Federal networks. But malicious actors aren’t slowing down.”
The administration ordered the 30-day cybersecurity sprint following the data breaches at the Office of Personnel Management (OPM).
Scott said civilian agencies:
- Increased their use of strong authentication for privileged and unprivileged users from 42 percent to 72 percent – an increase of 30 percent – during sprint
- Increased their use of strong authentication for privileged users from 33 percent to nearly 75 percent – an increase of more than 40 percent
- And 13 agencies, or more than half of the largest agencies – including the Departments of Transportation, Veterans Affairs, and the Interior – implemented the same level of strong authentication for nearly 95 percent of their privileged users
Despite the progress, Scott said agencies still have work to do.
“Although the sprint may have come to a conclusion, it is only one leg of a marathon to build upon progress made, identify challenges, and continuously strengthen our defenses,” he said.
He also called on Congress to provide agencies with more resources.
“Decades of underfunding and years of uncertainty in budgets and resourcing for strategic and critical IT capabilities like cybersecurity have contributed to the current unsustainable state of the Federal government’s networks,” Scott said. “We now have an opportunity and a pressing need to come together as a government and a nation to change our approach. The best way for any industry executive or agency leader to ensure the security of their networks is to have the resources they need and the certainty to deploy those resources. That is why it is critical Congress lift the harmful spending cuts known as sequestration and provide agencies certainty in their budgets, to improve their planning, and their ability to forecast and acquire the necessary resources for addressing emerging cyber threats.”
Join the conversation. Post a comment below or email me at firstname.lastname@example.org.