The number of cyber attacks against systems supporting the federal government is steadily rising each year: from 5,503 in fiscal year 2006 to 67,168 in fiscal year 2014, a tenfold increase.
Furthermore, the number of reported security incidents involving PII at federal agencies has more than doubled in recent years – from 10,481 incidents in fiscal year 2009 to 27,624 incidents in fiscal year 2014.
These incidents and others like them can adversely affect national security; damage public health and safety; and lead to inappropriate access to and disclosure, modification, or destruction of sensitive information. Recent examples highlight the impact of such incidents:
- In June 2015, OPM reported that an intrusion into its systems affected personnel records of about 4 million current and former federal employees. The Director of OPM also stated that a separate incident may have compromised OPM systems related to background investigations, but its scope and impact have not yet been determined.
- In June 2015, the Commissioner of the Internal Revenue Service (IRS) testified that unauthorized third parties had gained access to taxpayer information from its “Get Transcript” application. According to IRS, criminals used taxpayer-specific data acquired from non-IRS sources to gain unauthorized access to information on approximately 100,000 tax accounts. These data included Social Security information, dates of birth, and street addresses.
- In April 2015, the Department of Veterans Affairs (VA) Office of Inspector General reported that two VA contractors had improperly accessed the VA network from foreign countries using personally owned equipment.
- In February 2015, the Director of National Intelligence stated that unauthorized computer intrusions were detected in 2014 on OPM’s networks and those of two of its contractors. The two contractors were involved in processing sensitive PII related to national security clearances for federal employees.
- In September 2014, a cyber-intrusion into the United States Postal Service’s information systems may have compromised PII for more than 800,000 of its employees.
Sources: GAO Reports, U.S. Federal Cybersecurity Market, Deep Packet Inspection (DPI): U.S. Government Market.