A new report from Owl Cybersecurity ranks 59 US government agencies on their darknet footprint. Leaked data, stolen credentials, and other intelligence are all included in the ranking, and it shows that the government has a long way to go in protecting itself.

Owl also recently published a list of Fortune 500 darknet exposure, and comparing the two indexes is bleak for the US government: Most of the top 10 government agencies would displace the top 10 companies, and the overall average exposure for a government agency is five times that of a commercial entity.

The potential for leaked US government data to cause serious damage is immense. Classified information can find itself in the hands of hostile foreign entities, stolen passwords can give hackers direct access to government systems, and leaked email addresses can be an inroad for phishing attacks.

It’s unfortunate when corporate data is leaked, but it’s dangerous when it’s the government.

The top 10

The total list of 59 US government agencies can be found in the complete report. Here are the top 10. Interesting to note is how many are defense-related departments: half the list.

  1. US Navy
  2. US Army
  3. Department of Defense
  4. Department of Justice
  5. Department of Homeland Security
  6. US Marine Corps
  7. NASA
  8. IRS
  9. Department of Veterans Affairs
  10. Department of State

SEE: Experts predict 2017’s biggest cybersecurity threats (TechRepublic)

What the rankings mean

There are a number of factors that go into ranking the agencies on the list. Email addresses, user credentials, intellectual property, records, and other information that can be used by cybercriminals are all considered.

Owl excludes anything that doesn’t have a “hackishness” factor, which means it could be used by criminals in illicit activity. Essentially, the higher up on the list, the more critically vulnerable info is exposed.

It’s no surprise, therefore, that defense agencies are so highly ranked–the information they have is particularly enticing to criminals who could demand a high price for intelligence, credentials for individuals with security clearances, personnel records, and deployment plans.

SEE: Certified Information Systems Security Professional (TechRepublic Academy)

It’s not just members of the military and veterans who are at risk–with the IRS in the top 10, any one of us could have personal information stolen, traded, and sold on the darkweb.

The US government doesn’t have the best track record when it comes to cybersecurity, and that’s not just a risk to shareholders. It’s a risk for all of us. Here’s hoping there will actually be some effort to shore up cyber defenses in the coming years.

Top three takeaways for TechRepublic readers:

  1. A new report from Owl Cybersecurity reveals that US government agencies have a massive footprint on the darknet, with an average footprint five times larger than corporate entities.
  2. Information available on the darknet comes in the form of passwords, email addresses, documents, and other data.
  3. The defense industry makes up half of the top 10 on the list, primarily due to the attractiveness of the data defense agencies have.

Also see: