Reports of network security incidents at federal agencies have soared 650 percent during the past half-decade, jeopardizing the confidentiality and integrity of sensitive government information, federal auditors charged in a congressionally mandated report.
The most prevalent types of cyber events included infections from malicious code -- 30 percent of incidents; violations of acceptable use policies; and intrusions into networks, applications and other data resources, states a Government Accountability Office report released on Monday.
GAO auditors are required by law to periodically update Congress on departments' compliance with a computer security measure called the 2002 Federal Information Security Act, or FISMA.
During the past five years, the number of reported events has grown from 5,503 in 2006 to 41,776 in 2010.
The main reason agency computers are vulnerable to contamination is that departments have failed to implement security controls, according to the audit. Agencies do not always adequately train personnel responsible for system security, regularly monitor safeguards, successfully fix vulnerabilities or resolve incidents in a timely fashion.
"These shortcomings leave federal agencies vulnerable to external as well as internal threats," wrote Gregory C. Wilshusen, GAO director for information security issues. "As long as agencies have not fully and effectively implemented their information security programs, including addressing the hundreds of recommendations that we and inspectors general have made, federal systems will remain at increased risk of attack or compromise."