OMB Releases Damning Report on U.S. Govt’s Inability to Counter Cyber Threats


OMB Releases Damning Report on U.S. Govt’s Inability to Counter Cyber Threats

Category : Blog

OMB Releases Damning Report on U.S. Govt’s Inability to Counter Cyber Threats

OMB (Office of Management and Budget) oversees the implementation of the president’s objectives in the areas of policy, budget, management and regulation. To that end, the recent government-wide cybersecurity risk assessment, carried out by the OMB, in coordination with the Department of Homeland Security (DHS), highlights several serious issues that continue to imperil federal cybersecurity and ultimately put the nation at risk.

The risk report examined federal agencies’ ability to, “identify, detect, respond, and if necessary, recover from cyber intrusions, in accordance with Executive Order 13800.

The OMB and DHS found that 71 of 96 agencies have cybersecurity programs that are either at risk or high risk. The OMB and DHS assessed the performance of 96 agencies across 76 metrics and identified the four core actions they deemed necessary to address cybersecurity risks across the Federal enterprise.




Increase cybersecurity threat awareness among Federal agencies by implementing the Cyber Threat Framework to prioritize efforts and manage cybersecurity risks

Thirty-eight percent of federal cyber incident reports lacked an identified attack vector, which means that in roughly 4 out of 10 cyber incidents, it was not known who the attacker was. And, in terms of bolstering communication of cyber risks, just 59 percent of agencies reported having processes in place to communicate cyberrisks across their enterprises.


Cyber Threat



Standardize IT and cybersecurity capabilities to control costs and improve asset management

The report acknowledged that, “an agency’s ability to mitigate security vulnerabilities is a direct function of its ability to identify those vulnerabilities across the enterprise. Agency risk assessments show that this issue becomes more complex in federated agencies, where there are not standardized procedures or technology across the organization is lacking.

Phishing was also addressed, as phishing attacks remain one of the most common attack vectors across both government and industry. The report notes that standardizing and consolidating email at the enterprise level is an important element of the strategy to secure users. But, some federal agencies report having several, separately managed email services inside their agencies. One agency listed 62 separately managed email services used by its staff, which would make it virtually impossible to track and inspect inbound and outbound communications across that agency.




Consolidate agency Secure Operations Centers (SOCs) to improve incident detection and response capabilities

A measly 27 percent of agencies reported having the ability to detect and investigate attempts to access large volumes of data. The assessment points out that the current situation is untenable, as agencies lack both the visibility into their networks to determine the occurrence of cybersecurity incidents and the ability to minimize the impact of an incident if one is detected.




Drive accountability across agencies through improved governance processes, recurring risk assessments, and OMB’s engagements with agency leadership

With only 16 percent of agencies compliant with the government-wide goal of encrypting data at rest, one of the conclusions arrived at in the report is that there is a lack of accountability for managing risks.

In fact, many have voiced concern over the decision to eliminate these roles and have warned that it will lead to a lack of unified focus against cyber threats.





The report concludes by stating that, “at a time when our reliance on technology is becoming greater and the Nation’s digital adversaries are growing more adept, we must ensure that the Federal Government can secure citizens’ information and deliver on their core missions.”

Next on the agenda, for the OMB, is taking the necessary actions to “implement the Cybersecurity Threat Framework, standardize IT capabilities and tools, consolidate or migrate SOC operations, and drive accountability for cybersecurity risk management across the enterprise.” And, the agency will continue to coordinate with its cross-agency partners, including DHS, NIST and GSA, to ensure that agencies are aware of expectations and available resources. The OMB will also work through the Federal CIO and CISO Councils to ensure that the federal government is moving forward towards improved cybersecurity outcomes.




Highest Selling Technical Courses of Indian Cyber Security Solutions:

Certified Ethical Hacker Training in Bhubaneswar

Ethical Hacking Training in Bhubaneswar

Certified Ethical Hacker Training in Bangalore

Ethical Hacking Training in Bangalore

Certified Ethical Hacker Training in Hyderabad

Ethical Hacking Training in Hyderabad

Python Training in Bangalore

Python Training in Hyderabad

Python Training in Bhubaneswar

Networking Training in Bangalore

Networking Training in Hyderabad

Networking Training in Bhubaneswar

Advance Python Training in Hyderabad

Advance Python Training in Bangalore

Advance Python Training in Bhubaneswar

Amazon Web Services Training in Hyderabad

Amazon Web Services Training in Bangalore

Amazon Web Services Training in Bhubaneswar

Certified Ethical Hacker Certification – C | EH v10

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Testing training

Ethical Hacking  training

Python Programming training

Android Training in Bangalore

Android Training in Hyderabad

Android Training in Bhubaneswar

Diploma in Network Security Training

Android Development  training

Secured Coding in Java

Certified Network Penetration Tester 

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 


Cybersecurity services that can protect your company:

Web Security | Web Penetration Testing

Network Penetration Testing – NPT

Android App Penetration Testing

Source Web Development

Source Code Review

Android App Development

Digital Marketing Consultancy

Data Recovery


Other Location for Online Courses:





Leave a Reply