The federal government was the victim of more than 31,000 cybersecurity incidents in fiscal year 2018, according to an Office of Management and Budget report released Aug. 16.

The annual report on cybersecurity, the FISMA FY 2018 Annual Report to Congress, found that the number of cyber incidents at agencies dropped 12 percent from last year. That figure is down from 35,000 incidents the previous year.

The good news for the federal government? This was the first year that agencies didn’t have an incident that reached the “major incident” threshold set by OMB. That means no known breaches constituted a national security threat or released personally identifiable information.

The federal government spent nearly $15 billion on cybersecurity in fiscal 2018. The Pentagon accounted for more than half of that spending. The Department of Homeland Security spent about $1.8 billion on cybersecurity.

The report found that email-based threats remain “prevalent” because of the high success rate of phishing attacks. Almost 7,000 attacks came through phishing. The report also found that the government was not able to identify the way in which 27 percent of agency systems were attacked.

This trend “continues to suggest that the government must take additional steps to help agencies identify the sources and vectors of these incidents,” the report read.

The most common attack was classified in the report as “improper usage” with more than 9,600 incidents. Improper usage is defined as “any incident resulting from violation of an organization’s acceptable usage policies by an authorized user.”

OMB found five common security shortfalls across the federal agencies:

* Lack of data protection,

* Lack of network segmentation,

* Inconsistent patch management,

* Lack of strong authentication,

* Lack of continuous monitoring.

Several of these technologies are considered part of basic cybersecurity hygiene by cyber experts.

DHS also provides agencies with a cybersecurity package to protect against cyberattacks. As of the end of September 2018, 70 agencies had implemented all of DHS’s security offerings. This included the 23 agencies described in the Chief Financial Officers Act and the 102 civilian agencies evaluated.

Andrew Eversden covered all things defense technology for C4ISRNET. Beforehand, he reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.
