Mercatus Scholars Assert That Federal Agencies Failed Their 2014 Cyber Report Card

According to a new article published by Mercatus Scholars Eli Dourado and Andrea Castillo, federal agencies that soon may oversee new data extraction and management responsibilities under the proposed Cybersecurity Information Sharing Act reported an "alarming" number of security breaches in Fiscal Year 2014.

The article, titled "Agencies Fail 2014 Cyber Report Card and Report Record Number of IT Breaches," uses data from the Office of Management and Budget's FY 2014 Federal Information Security Management Act Compliance Report (the "Report") to analyze each agency's share, type and number of reported federal information security incidents for Fiscal Year 2014.

The authors argue that around half of the incidents in Fiscal Year 2014 could have been "easily avoided through the use of strong authentication techniques, which prevent unauthorized access by requiring users to log in with unique Personal Identity Verification Cards." Their conclusion is that due to the federal government's continuing "struggle" to secure its own information security systems, it is a "poor candidate for exerting more control over private cybersecurity policy." Instead, the authors recommend a bottom-up "notice and response" approach as the better method "to disseminate knowledge about identified cyber-breaches among appropriate parties."

See: "Agencies Fail 2014 Cyber Report Card and Report Record Number of IT Breaches," by Eli Dourado and Andrea Castillo.
Related news: Mercatus Scholars Study Relationship between Cybersecurity Breaches and Federal Cybersecurity Spending (January 20, 2015).