Federal agencies reported 42,887 cybersecurity incidents last year, compared with just 5,503 in 2006, Gregory Wilshusen, director of information issues for the GAO, told a House Homeland Security Committee panel.
The incidents reported by the agencies included unauthorized access to systems, improper use of computing resources, and the installation of malicious software, among others.
The GAO official said the sources of these cyberthreats include criminal groups, hackers, terrorists, organizational insiders, and foreign nations.
“The magnitude of the threat is compounded by the ever-increasing sophistication of cyber attack techniques, such as attacks that may combine multiple techniques. Using these techniques, threat actors may target individuals, businesses, critical infrastructures, or government organizations”, he testified.
Federal government IT systems continue to suffer from “significant weaknesses” in information security controls, he said. Eighteen of 24 major federal agencies have reported inadequate information security controls for financial reporting for fiscal year 2011, and inspectors general at 22 of these agencies identified information security as a major management challenge for their agency, he told the House panel.
“Reported attacks and unintentional incidents involving federal, private, and infrastructure systems demonstrate that the impact of a serious attack could be significant, including loss of personal or sensitive information, disruption or destruction of critical infrastructure, and damage to national and economic security”, Wilshusen warned.