Cybersecurity: Federal Agencies Met Legislative Requirements for Protecting Privacy When Sharing Threat Information [open pdf - 198KB]
"Federal agencies and our nation's critical infrastructures, such as communications and financial services, are dependent on information technology systems and electronic data to carry out operations and to process, maintain, and report essential information. The security of these systems and data is vital to public confidence and national security, prosperity, and well-being. Yet, cyber-based intrusions and attacks on federal and nonfederal systems have become not only more numerous and diverse, but also more damaging and disruptive. For example, a data breach reported in July 2015 at the Office of Personnel Management affected at least 21.5 million individuals and compromised federal employees' personal information, including Social Security numbers, residency and education history, employment history, financial history, and the fingerprints of approximately 5.6 million individuals. Due to cyber-based threats to federal systems and critical infrastructure, the persistent nature of information security vulnerabilities, and associated risks, we have continued to designate information security as a government-wide high-risk area in our most recent biennial report to Congress--a designation we have made in each high-risk report since 1997. We expanded this area beyond federal information systems to include the protection of cyber critical infrastructure in 2003 and protecting the privacy of personally identifiable information in 2015."
U.S. Government Accountability Office: https://www.gao.gov/