U.S. agencies need improved response to cyber incidents: GAO

Federal agencies need to improve their cyber incident response practices, a report released Friday by the U.S. Government Accountability Office finds.

According to the report, “Information Security, Agencies Need to Improve Cyber Incident Response Practices,” the number of cyber incidents reported by 24 major federal agencies increased in fiscal year 2013 significantly over the prior three years, with 46,160 incidents reported last year.

“Cyber-based attacks on federal systems have become not only more numerous and diverse, but also more damaging and disruptive,” the report states

However, the GAO found the federal agencies did not completely document actions taken in response to detected incidents in about 65% of the cases.

“Agencies identified the scope of an incident in the majority of cases, but frequently did not demonstrate that they had determined the impact of an incident,” the report states. “In addition, agencies did not consistently demonstrate how they had handled other key activities, such as whether preventive actions to prevent the reoccurrence of an incident were taken.”

In addition to traditional cyber attacks, the report warns that insider threats such as the leaking of information by former National Security Administration contractor Edward Snowden, will “continue to pose a persistent challenge, as trusted insiders with the intent to do harm can exploit their access to compromise vast amounts of sensitive and classified information as part of a personal ideology or at the direction of a foreign government.”

Accordingly, the report recommends the development of a comprehensive series of guidelines to help agencies effectively respond to cyber incidents.

“Having policies, plans, and procedures in place to guide agencies in responding to a cyber incident is critically important to minimizing loss and destruction, mitigating the weaknesses that have been exploited, and restoring information technology services,” the report states.