Risk
3/23/2011
01:57 PM
Connect Directly
RSS
E-Mail
50%
50%

Federal Cyber Attacks Rose 39% In 2010

While total incidents reported to US-CERT were down, government networks experienced more attacks than in 2009, according to a Congressional report.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
Cyber attacks on the federal government increased in 2010 over the previous year, even though the total number of cybersecurity incidents was down overall, according to a new report from the Office of Management and Budget (OMB).

There were 41,776 reported cyber incidents of malicious intent in the federal network in 2010 out of a total 107,439 reported to the United States Computer Emergency Readiness Team (US-CERT), according to the OMB's fiscal year 2010 report on federal implementation of the Federal Information Security Management Act (FISMA). The number represented a 39% increase over 2009, when 30,000 incidents were reported by the feds, of 108,710 attacks overall, according to the report.

In terms of types of attacks, phishing remained the top threat plaguing federal networks, although numbers were down slightly year over year. In 2010 the feds reported 56,579 phishing attacks, or 52.7% of the total number of incidents. In 2009, they reported 70,132 phishing attacks, or 64.5% of that year's total.

Attacks by Trojans, viruses, worms, and logic bombs were up slightly year over year, however, with 11,001 reports of such attacks, or 10.2% of the total number in 2010. In 2009, there were 8,779 reports of such attacks on federal networks, or 8.1% of the total number of incidents.

The fiscal year 2010 FISMA report is the most comprehensive to date about the state of cybersecurity among agencies and the progress being made in this area. FISMA is a National Institute of Standards and Technology (NIST) security standard for cybersecurity and provides oversight for how agencies are handling this issue.

Federal officials like U.S. CIO Vivek Kundra so far have been vague about how much federal investment is going toward cybersecurity and where the feds are spending the money, but the 2010 report has some solid figures and data and where cybersecurity investment goes.

The federal government spent about $12 billion on IT security, or about 15% of the approximately $80 billion annual federal IT budget, according to the report. Personnel took up a good chunk of those costs, including salaries and benefits of government employees and the cost of paying contractors. Non-defense agencies spent 74% of their IT security costs on personnel-related activities, according to the report.

The report also shows the progress agencies are making in terms of implementing FISMA, depicting a scenario in which this activity has gone from an afterthought to a priority for which agencies are changing their policies.

It used to be that the data security professionals needed to analyze to better protect agency system was not available until after it would be useful, according to the OMB. However, agencies have developed new methods to protect their systems "to move FISMA implementation toward the real-time detection and mitigation of security vulnerabilities," according to the report.

The White House Cybersecurity Coordinator and the Department of Homeland Security (DHS) have been working together with agencies via two initiatives -- Trusted Internet Connection and Einstein -- to develop better insight into threats, according to the OMB.

Moreover in fiscal year 2010, agencies started reporting detailed security metrics through Cyberscope, a Federal system aimed at obtaining an accurate picture of agencies' security practices.

The next phase of this work will be the introduction in fiscal year 2011 of what's called the CyberStat management model across the federal government, according to the report. Through this, agency leaders will meet to examine security metrics reports from Cyberscope to develop plans to address cybersecuity issues revealed in that data.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-6651
Published: 2014-07-31
Multiple directory traversal vulnerabilities in the Vitamin plugin before 1.1.0 for WordPress allow remote attackers to access arbitrary files via a .. (dot dot) in the path parameter to (1) add_headers.php or (2) minify.php.

CVE-2014-2970
Published: 2014-07-31
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5139. Reason: This candidate is a duplicate of CVE-2014-5139, and has also been used to refer to an unrelated topic that is currently outside the scope of CVE. This unrelated topic is a LibreSSL code change adding functionality ...

CVE-2014-3488
Published: 2014-07-31
The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.

CVE-2014-3554
Published: 2014-07-31
Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement.

CVE-2014-5171
Published: 2014-07-31
SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.

Best of the Web
Dark Reading Radio