Information Security: Agencies Need to Improve Cyber Incident Response Practices, Report to Congressional Requesters [open pdf - 11MB]
The number of cyber incidents reported by federal agencies increased in fiscal year 2013 significantly over the prior 3 years (see figure). An effective response to a cyber incident is essential to minimize any damage that might be caused. DHS [Department of Homeland Security] and US-CERT [the United States Computer Emergency Readiness Team] have a role in helping agencies detect, report, and respond to cyber incidents. GAO [Government Accountability Office] was asked to review federal agencies' ability to respond to cyber incidents. To do this, GAO reviewed the extent to which (1) federal agencies are effectively responding to cyber incidents and (2) DHS is providing cybersecurity incident assistance to agencies. To do this, GAO used a statistical sample of cyber incidents reported in fiscal year 2012 to project whether 24 major federal agencies demonstrated effective response activities. In addition, GAO evaluated incident response policies, plans, and procedures at 6 randomly-selected federal agencies to determine adherence to federal guidance. GAO also examined DHS and US-CERT policies, procedures, and practices, and surveyed officials from the 24 federal agencies on their experience receiving incident assistance from DHS.
Government Accountability Office (GAO): http://www.gao.gov/