Just last year, Russian hackers attacked the State Department email system in what was called the “worst ever” cyberattack against a federal agency, and the Office of Personnel Management reported that 5.6 million Americans’ fingerprints were stolen as part of another malicious attack. The Department of Veterans affairs thwarted 1 billion cyber threats. And last week, hackers invited by the government found 138 security flaws on five Pentagon websites.
Clearly, cyberattacks are an increasing security threat, with Americans polled last month by Pew Research identifying cyberattacks as the second greatest global threat to the U.S., behind ISIS.
A new report by the Government Accountability Office hints at just how the threat has grown. In a survey of 24 federal agencies, the GAO found that between 2006 and 2015, the number of cyberattacks climbed 1,300 percent — from 5,500 to over 77,000 a year.
Eighteen agencies identified as having “high-impact systems” — those that hold information that, if lost, could cause “catastrophic harm” to individuals, the government or the country — said that cyberattacks from other nations (think China and Russia, for example) are the most serious and most common threat they see. Phishing was the most frequent type of attack, and email was the most frequent vehicle. “During fiscal year 2014, 11 of the 18 agencies reported 2,267 incidents affecting their high-impact systems, with almost 500 of the incidents involving the installation of malicious code,” the report says.
The report honed in on how effectively the National Aeronautics and Space Administration, the Nuclear Regulatory Commission, Office of Personnel Management and Department of Veterans Affairs managed cyber threats. Each organization could do more to prevent unauthorized access to systems, the GAO found.
“Until the selected agencies address weaknesses in access and other controls, including fully implementing elements of their information security programs, the sensitive data maintained on selected systems will be at increased risk of unauthorized access, modification, and disclosure, and the systems at risk of disruption,” the GAO concluded.
Here’s a look at the various kinds of attacks 11 agencies reported: