Federal agencies faced fewer cyberattacks in 2018, report finds

Federal agencies faced fewer cyberattacks in 2018, report finds
© iStock

The number of cyber incidents targeting federal agencies dropped last year, according to a new report released by the Trump administration.

The congressionally mandated report released by the Office of Management and Budget (OMB) found more than 31,000 cyberattacks against federal agencies in fiscal 2018, a nearly 12 percent drop from the previous year.

Officials said 2018 also marked the first recorded year with no reported cyber incident that could be considered a “major incident” — one that could result in significant harm to national security, foreign relations or the economy.


OMB noted that federal agencies still face the risk of attacks such as email phishing, with the number of cyber incidents involving emails totaling almost 7,000 last year. 

The findings focus solely on cyber threats against federal agencies and not toward any U.S. election systems, something officials raised alarms about during the 2018 midterm elections and since, heading into the 2020 election.

Officials said that other causes of cyber incidents reported by federal agencies last year included improper use of systems by authorized users, loss or theft of equipment and attacks from a website or web-based application.

Around 8,200 of the incidents were caused by “unknown” attack methods, a finding that OMB noted “suggests that the government must take additional steps to help agencies identify the sources and vectors of these incidents."

Cybersecurity was also an issue prioritized by agencies in their fiscal 2018 budgets, with federal agencies spending a combined $14.9 billion. 

The Department of Defense accounted for more than half of these funds, spending over $8 billion on cybersecurity, with the second-highest amount spent by the Department of Homeland Security, at $1.8 billion. 

OMB emphasized that despite these improvements, more needs to be done to secure agencies against cyberattacks, stating that “the Federal Government must continue to act to reduce the impact that cybersecurity incidents have on the Federal enterprise.”