US federal cybersecurity incidents jumped 20% last year

Cybersecurity incidents involving US federal computer systems increased 20% last year, according to statistics released by the Government Accountability Office (GAO).

Federal agencies reported 15,560 cybersecurity incidents in 2011, up from 13,017 in 2010, Greg Wilshusen, GAO’s director of information security issues, told a Senate panel on Tuesday.

To improve cybersecurity, Wilshusen recommended that the Privacy Act and the E-Government Act be updated to better protect personal information collected, processed, and used by the federal government.

His agency has identified three areas where the laws need to be updated: applying privacy protections consistently to all federal collection and use of personal information; ensuring that use of personally identifiable information is limited to a stated purpose; and establishing effective mechanisms for informing the public about privacy protections.

In addition, Wilshusen recommended that agencies take the following steps to improve privacy protections and cybersecurity: assessing the privacy implications of a planned information system or data collection prior to implementation; ensuring the implementation of a robust information security program; and limiting the collection of personal information, the time it is retained, and who has access to it, as well as implementing encryption.