Risk
3/23/2011
01:57 PM
50%
50%

Federal Cyber Attacks Rose 39% In 2010

While total incidents reported to US-CERT were down, government networks experienced more attacks than in 2009, according to a Congressional report.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
Cyber attacks on the federal government increased in 2010 over the previous year, even though the total number of cybersecurity incidents was down overall, according to a new report from the Office of Management and Budget (OMB).

There were 41,776 reported cyber incidents of malicious intent in the federal network in 2010 out of a total 107,439 reported to the United States Computer Emergency Readiness Team (US-CERT), according to the OMB's fiscal year 2010 report on federal implementation of the Federal Information Security Management Act (FISMA). The number represented a 39% increase over 2009, when 30,000 incidents were reported by the feds, of 108,710 attacks overall, according to the report.

In terms of types of attacks, phishing remained the top threat plaguing federal networks, although numbers were down slightly year over year. In 2010 the feds reported 56,579 phishing attacks, or 52.7% of the total number of incidents. In 2009, they reported 70,132 phishing attacks, or 64.5% of that year's total.

Attacks by Trojans, viruses, worms, and logic bombs were up slightly year over year, however, with 11,001 reports of such attacks, or 10.2% of the total number in 2010. In 2009, there were 8,779 reports of such attacks on federal networks, or 8.1% of the total number of incidents.

The fiscal year 2010 FISMA report is the most comprehensive to date about the state of cybersecurity among agencies and the progress being made in this area. FISMA is a National Institute of Standards and Technology (NIST) security standard for cybersecurity and provides oversight for how agencies are handling this issue.

Federal officials like U.S. CIO Vivek Kundra so far have been vague about how much federal investment is going toward cybersecurity and where the feds are spending the money, but the 2010 report has some solid figures and data and where cybersecurity investment goes.

The federal government spent about $12 billion on IT security, or about 15% of the approximately $80 billion annual federal IT budget, according to the report. Personnel took up a good chunk of those costs, including salaries and benefits of government employees and the cost of paying contractors. Non-defense agencies spent 74% of their IT security costs on personnel-related activities, according to the report.

The report also shows the progress agencies are making in terms of implementing FISMA, depicting a scenario in which this activity has gone from an afterthought to a priority for which agencies are changing their policies.

It used to be that the data security professionals needed to analyze to better protect agency system was not available until after it would be useful, according to the OMB. However, agencies have developed new methods to protect their systems "to move FISMA implementation toward the real-time detection and mitigation of security vulnerabilities," according to the report.

The White House Cybersecurity Coordinator and the Department of Homeland Security (DHS) have been working together with agencies via two initiatives -- Trusted Internet Connection and Einstein -- to develop better insight into threats, according to the OMB.

Moreover in fiscal year 2010, agencies started reporting detailed security metrics through Cyberscope, a Federal system aimed at obtaining an accurate picture of agencies' security practices.

The next phase of this work will be the introduction in fiscal year 2011 of what's called the CyberStat management model across the federal government, according to the report. Through this, agency leaders will meet to examine security metrics reports from Cyberscope to develop plans to address cybersecuity issues revealed in that data.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Five Things Every Business Executive Should Know About Cybersecurity
Don't get lost in security's technical minutiae - a clearer picture of what's at stake can help align business imperatives with technology execution.
Flash Poll
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Social engineering, ransomware, and other sophisticated exploits are leading to new IT security compromises every day. Dark Reading's 2016 Strategic Security Survey polled 300 IT and security professionals to get information on breach incidents, the fallout they caused, and how recent events are shaping preparations for inevitable attacks in the coming year. Download this report to get a look at data from the survey and to find out what a breach might mean for your organization.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Security researchers are finding that there's a growing market for the vulnerabilities they discover and persistent conundrum as to the right way to disclose them. Dark Reading editors will speak to experts -- Veracode CTO and co-founder Chris Wysopal and HackerOne co-founder and CTO Alex Rice -- about bug bounties and the expanding market for zero-day security vulnerabilities.