It’s not just OPM: Cybersecurity across the federal government is pretty awful

The nation is still reeling from the revelation that hacks at the Office of Personnel Management exposed the personal data of 22.1 million people. But government audits reveal that the agency isn't alone: Basically the whole government is struggling to protect its computer systems. Under a 2002 law, federal agencies are supposed to meet a minimum set of information security standards and have annual audits of their cybersecurity practices. OPM's reviews showed years of problems. But the issue is far more widespread than with just one agency. According to the Government Accountability Office, 19 of 24 major agencies have declared cybersecurity a "significant deficiency" or a "material weakness." Problems range from a need for better oversight of information technology contractors to improving how agencies respond to breaches of personal information, according to GAO.

"Until federal agencies take actions to address these challenges -- including implementing the hundreds of recommendations GAO and agency inspectors general have made -- federal systems and information will be at an increased risk of compromise from cyber-based attacks and other threats," the watchdog agency said in a report earlier in July. GAO also noted the "sharp" increase in information security incidents reported by federal agencies in recent years. In fiscal year 2006, there were 5,503. In fiscal year 2014, there were 67,168.