GAO: Feds have holes in cyber response

Two-dozen federal agencies have holes in their responses to cyber attacks, according to a new report from Congress’s investigative arm.

The Government Accountability Office (GAO) report out on Friday shows that the agencies did not completely document the work they did in about 65 percent of the cases they faced and many did not have comprehensive plans in line with federal requirements.

“Without complete policies, plans, and procedures, along with appropriate oversight of response activities, agencies face reduced assurance that they can effectively respond to cyber incidents,” the GAO said.

In some cases, agencies outlined how large a data breach was but did not note its impact. In others, agencies neglected to note what steps they had taken to prevent another attack.

Cyber attacks have been on the rise in recent years, with more than 46,000 reported across the federal government last year, according to the GAO. That’s a major jump from 2012, when the government saw fewer than 35,000 incidents.

The office said that the Department of Homeland Security (DHS) , which runs an emergency readiness team to tackle agency cyber attacks, needs to develop better ways of measuring its progress.

Without those metrics, the federal cyber team “will face challenges in ensuring it is effectively assisting federal agencies with preparing for and responding to cyber incidents,” the GAO said.

Federal officials at the DHS and White House budget office should also make sure that reviews of government cyber issues focus on ways to respond to incidents, it added.