The number of cyber attacks on federal agencies tumbled by 12 percent in 2018, a recent report from the Trump administration’s Office of Management and Budget (OMB) said.
In absolute terms, 31,107 incidents hit government agencies in 2018, compared with the 35,277 events the prior year, figures that the OMB called “encouraging,” in the congressional report, entitled Federal Information Security Modernization Act of 2014 Annual Report to Congress for fiscal year 2018.
Based on the government’s new standard for designated “major incidents,” none of the attacks last year met that threshold -- ones that could harm national security, damage the economy or breach personally identifiable information. Still, federal agencies were beset by some 7,000 phishing attacks, nearly 9,700 breaches from errors by authorized users and more than 8,000 incidents that could not be traced to either an attack vendor or identify a cause.
(Of note: The OMB made no mention of attacks aimed at U.S. election systems, although hackers are certain to home in on the 2020 election, according to intelligence officials.)
“The Federal Government must continue to act to reduce the impact that cybersecurity incidents have on the Federal enterprise,” the report reads. “Numerous government and industry cybersecurity reports highlighted how threat actors employ persistent and increasingly sophisticated techniques to attack and compromise information systems. Gathering, analyzing, and disseminating this information is vital to effectively managing government cybersecurity risk, however, operationalizing the information has proven to be challenging for the Federal enterprise.”
Cybersecurity spending in fiscal 2018 was dominated by the Department of Defense, which accounted for more than $8 billion of the allocated $14.9 billion. The Department of Homeland Security spent the second highest amount at $1.8 billion.
As for federal election security, a number of House-passed measures -- most recently including one requiring paper ballots and additional funding and another mandating candidates notify the Federal Bureau of Investigation of meddling by a foreign government -- have languished in the Senate, despite the indirect advocacy of special counsel Robert Mueller and FBI director Christopher Wray. Both officials have all but guaranteed that foreign bad actors would again try to meddle in U.S. elections.
Congress has previously allocated some $380 million to the states for the 2018 elections following Russian meddling into the 2016 U.S. presidential election. While Congressional Democrats want more federal funds apportioned to shore up election cybersecurity bulwarks for 2020, Republicans fear federal overreach into state election oversight.