Attacks on Fed computers continue to rise

Last year 586 incidents affecting federal computer systems were reported, a slight increase over the 580 reported in 1999, but 35 per cent more than the 376 incidents reported in 1998, Sallie McDonald, assistant commissioner of the Office of Information Assurance and Critical Infrastructure, told the House Energy and Commerce Committee's subcommittee on oversight and investigation.

More significantly, 155 of those incidents were described as "root compromise" intrusions, which gave the intruder full administrative privileges over the targeted system. In at least five of the "root compromise" incidents, access to sensitive government information was verified, said McDonald, whose office is part of the General Services Administration (GSA). For the remaining incidents it's assumed that information was compromised, McDonald added.

Distributed denial of service attacks and computer viruses comprised the other attacks on federal government computer systems last year. Though government agencies are required to report attacks and intrusions to the Federal Computer Incident Response Center run by the Office of Information Assurance and Critical Infrastructure, any number of other intrusions and attacks go unreported because agencies are unable to recognize that systems have been compromised, McDonald said.

McDonald said to her knowledge none of the attacks or intrusions last year involved classified or secret information, and she said the increases have been mostly in data produced by government scientific researchers and environmental specialists. One of the things the office is shopping for is a system that would facilitate the distribution of patches to known vulnerabilities, she said.

McDonald also assured members of the subcommittee that the agency's revamped approach to intrusion detection, which replaces the controversial Federal Intrusion Detection Network (FIDNet), was not an attempt to sneak around Congress and put into place a system that could indiscriminately monitor private e-mail.

The GSA said last June it was moving forward with its plans to build a government-wide system to monitor agency networks for cyber-attacks. Asked about the system Thursday, McDonald said GSA now refers to it as managed security services. These types of services have matured and are now available commercially, she said.

"The idea was to make it much more palatable to the federal civilian agencies, to put them in control of the system because they would be the ones that would be procuring it," McDonald said. "We are encouraging them to procure these services and then share the results ... with us."

She said unless someone who is accessing government information is "acting anomalously," meaning behaving in a way that is not within the range of "normal approved-type activity," their communications would not be tracked by the intrusion detection systems.

The subcommittee also was told that there are 102 ongoing investigations into intrusions. Ronald Dick, director of the National Infrastructure Protection Center within the Federal Bureau of Investigation, said thus far none of the intrusions has been attributed to any "foreign powers' organizations."

Nevertheless, computer systems at federal facilities as well as systems in the private sector are extremely vulnerable to potentially crippling cyber attacks, Dick told the subcommittee.

"There are numerous tools out there to exploit the vulnerabilities in (government and private) systems, and unless there is due diligence on the part of systems administrators, CEOs and executive management of government agencies as well as the private sector as a whole you are going to have vulnerabilities," Dick said. "That includes due diligence not only in the implementation of firewalls and intrusion detection software, but ... continually updating and correcting your system."

In a statement released in conjunction with the hearing, the Information Technology Association of America (ITAA) called on the federal government to make information security a national priority. ITAA recommended the government spend more money on information security; organize itself efficiently to develop sound information security policies; adopt some means of ensuring internal accountability for information security; and fund advanced information security research.


Margret Johnston

PC World