Cybersecurity

US Federal Agencies Miss Deadline for Incident Response Requirements

Although US federal agencies have made progress in preparing for and responding to cyber threats, too many have failed to meet the deadline to implement incident response capabilities required by law, according to the US Government Accountability Office (GAO).

In a new report, published on December 4, 2023, the GAO found that 20 US federal agencies have not yet reached the advanced level – tier three – for cyber event logging. Those include the Departments of Commerce, State and Justice.

According to 2021 Executive Order 14028, Cybersecurity Incident Response Requirements and Status of Completion, the US Office of Management and Budget (OMB) required all US federal agencies to work toward reaching event logging tier three by August 2023.

This tier three level means that logging requirements at all criticality levels are met.

However, as of August 2023, only three of the 23 agencies were at tier three – three other agencies had reached the tier one level and 17 had not gone past the tier zero level.

“Until the agencies implement all event logging requirements, the federal government’s ability to fully detect, investigate, and remediate cyber threats will be constrained,” read the GAO report.

What Cybersecurity Challenges are Federal Agencies Facing?

The GAO investigated the reasons behind these shortcomings by interviewing the security decision-makers within all 23 US federal agencies.

Some of the critical challenges that are hindering the agencies’ ability to fully prepare to respond to cybersecurity incidents included:

  • The lack of staff
  • Event logging technical challenges
  • Limitations in cyber threat information sharing

The GAO said federal entities have started several initiatives to address these challenges. These efforts include:

  • Onsite cyber incident response assistance from the US Cybersecurity and Infrastructure Security Agency (CISA)
  • Event logging workshops and guidance
  • Enhancements to a cyber threat information-sharing platform

“In addition, long-term efforts are planned such as implementation of the National Workforce and Education Strategy and a new threat intelligence platform offering from CISA, targeted to roll out its first phase to federal departments and agencies in fiscal year 2024,” the GAO added.

The GAO noted that all 23 agencies have incorporated or are incorporating the CISA playbook, issued in November 2021, into their plans. They have also substantially completed the preparation phase activities and have begun to deploy an endpoint detection and response solution.

Finally, the GAO made a list of 20 recommendations to the heads of federal agencies to help further the progress and resolve some of the bottlenecks and challenges the agencies face in meeting cyber requirements.

Read more: SolarWinds CISO on Developing a More Secure Software Ecosystem After Infamous Hack