A new GAO report, INFORMATION SECURITY: Weaknesses Continue Amid New Federal Efforts to Implement Requirements, has found serious and ongoing cybersecurity weaknesses at every agency examined. GAO stated:
Weaknesses in information security policies and practices at 24 major federal agencies continue to place the confidentiality, integrity, and availability of sensitive information and information systems at risk. Consistent with this risk, reports of security incidents from federal agencies are on the rise, increasing over 650 percent over the past 5 years.
With respect to continuous monitoring shortcomings, GAO states:
16 agencies did not adequately monitor networks for suspicious activities or report security incidents that had been detected. Without adequate access controls in place, agencies cannot ensure that their information resources are protected from intentional or unintentional harm.
The report’s primary recommendation is that OMB “incorporate performance targets for metrics in annual FISMA reporting guidance to agencies and inspectors general.”
GAO-12-137.ITSecurityWeaknesses
These Federal Gov. agencies are not able to adequately monitor their networks as a result of poor hiring practices of IT security personnel, and maintaining what few good ones that these agencies have along with not having adequate monitoring tools that are currently avaliable and implimenting them quickly enough. Further these agencies have been laggards to even get up to current IT security standards.