A Case Study of the Trend in Cyber Security Breaches as Reported by US Federal Agencies

Joash Muganda

American Public University System

ISSC640 – Prof. Belkacem Kraimeche

November 12, 2014

Abstract
The cases of cybersecurity breaches reported by federal agencies have sharply increased in recent years due to a combination of factors. This study seeks to examine the current trends in cybersecurity breaches documented and reported by federal agencies, analyze the various factors responsible for this trend and their impacts, as well use currently available data to predict a future trend.

A Case Study of the Trend in Cyber Security Breaches as Reported by US Federal Agencies The number cybersecurity breaches reported by federal agencies has been on the increase owing to the variety of factors. According to a report by U.S Government Accountability Office, GAO (2014), federal agencies have reported increasing number of cybersecurity breaches that have put sensitive information at risk, with potentially serious impacts on federal and military operations. GAO (2014) further stated that the increase in this number is due to the fact that obtaining hacking tools has become easier, there is dramatic increase in reporting security incidents, and steady advances in the sophistication and effectiveness of attack technologies. The table below shows the number of cybersecurity breaches since 2006 to 2012 as reported by GAO (2014). Number of Incidents | 5503 | 11911 | 16843 | 29999 | 41776 | 42854 | 48562 | FiscalYear | 2006 | 2007 | 2008 | 2009 | 2010 | 2011 | 2012 |
Data sourced from GAO Analysis of US-CERT Data for Fiscal Years 2006-2012 Federal and private agencies have invested much resources in their attempts to curb cybercrime, and over the years, what has been put in place may be responsible for the wider detection and therefore increased number of reported incidents of security breaches. In fact, according to Mendoza (2014), by year 2020, the U.S. government is projected to spend roughly $65 billion on cybersecurity, although some experts contend that even this amount is grossly insufficient to meet the need. The strategies currently employed to tackle cybercrime range from promoting education and awareness; addressing international cybercrimes; developing detection, mitigation and response plans to the incidents; to promoting research and development etc. (GAO, 2014). For example, the significance of the education and awareness component of the cybercrime fight is heightened by the fact that in a large number of cases where federal agencies are exposed to cybersecurity breaches, it was as a consequence of human error. In 2013, federal employees were to blame for approximately half of the 228,700 cyber incidents that involved federal agencies through actions ranging from work-place policy violations, to improper handling of sensitive information taken from workplace computers (Mendoza, 2014). In light of this fact, it is reasonable to anticipate an increase in the number of reported incidents if employees are better trained to detect cybersecurity threats. Gendarmerie Nationale (2011) explained that Cybercrime is on the rise for the reason that development of connections has expanded exponentially; knowledge base for the subject has increased; there is more cultural awareness; and programmable onboard electronics, therefore increasing the number of potential targets. In comparison to other crimes and offenses, cybercrime generally requires lesser investment and can be accomplished in diverse locations, without any geographical constraints and with no consideration to borders (Gendarmerie Nationale, 2011). If cybercrime is bound to increase as explained by these facts, the number of incidents reported are likely to do the same.
Prediction
This study predicts a polynomial growth in the number of reported cybersecurity breaches as illustrated in the graph below.

Data sourced from GAO Analysis of US-CERT Data for Fiscal Years 2006-2012
The blue line show the trend as it has been since 2006 to 2012, and the black line shows a trendline in to the future. In 2020 for example, the number of incidents that will be reported by federal agencies will be approximately 110000 compared to 48562 in 2012 for instance. This study predicts a polynomial growth in the number of reported cybersecurity violations due to the fact that figures showed by the graph above does not suggest exponential growth. However, the growth is still very large and fast leading to the conclusion that the growth is polynomial. An example to explain this growth is, government and private agencies can spend heavily but not enough to eradicate cybercrime. The impact of that spending would be felt, slowing down the growth. On the other hand, perpetrators will continue with their missions, considering the fact that not enough money was used to fight them, the number of cases reported will only go up.
Conclusion
This case study predicts that the number of security breaches reported will increase. On a positive note, this could mean that more breaches are being reported than in the past and the trend will continue in the future. However, this can also mean that more attacks are taking place now and will continue in the future. The point is, increase in the number of cases being reported does not necessarily mean that there is no progress in the fight against cybercrimes. The increase of the number of cybersecurity breaches being reported depend on several factors such as emergence of new technologies, awareness of cyber threats and attacks, increased use of internet and electronics, federal agencies initiatives and regulations availability of law enforcement cyber incident reporting resources, government spending, advancement in the techniques that criminals use, and many others.
References:
Gendarmerie Nationale. (2011). Prospective Analysis on Trends in Cybercrime from 2011 to 2020. Retrieved from http://www.mcafee.com/us/resources/white-papers/wp-trends-in-cybercrime- 2011-2020.pdf Mendoza, M. (2014, November 10). Federal government struggles to keep pace against cyberattacks. The Associated Press. Retrieved November 14, 2014. U.S. Government Accountability Office [GAO]. (2013). Cybersecurity: National Strategy, Roles, and Responsibilities Need to be Better Defined and More Effectively Implemented. Retrieved from: http://www.gao.gov/assets/660/652170.pdf