01:57 PM

Federal Cyber Attacks Rose 39% In 2010

While total incidents reported to US-CERT were down, government networks experienced more attacks than in 2009, according to a Congressional report.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
Cyber attacks on the federal government increased in 2010 over the previous year, even though the total number of cybersecurity incidents was down overall, according to a new report from the Office of Management and Budget (OMB).

There were 41,776 reported cyber incidents of malicious intent in the federal network in 2010 out of a total 107,439 reported to the United States Computer Emergency Readiness Team (US-CERT), according to the OMB's fiscal year 2010 report on federal implementation of the Federal Information Security Management Act (FISMA). The number represented a 39% increase over 2009, when 30,000 incidents were reported by the feds, of 108,710 attacks overall, according to the report.

In terms of types of attacks, phishing remained the top threat plaguing federal networks, although numbers were down slightly year over year. In 2010 the feds reported 56,579 phishing attacks, or 52.7% of the total number of incidents. In 2009, they reported 70,132 phishing attacks, or 64.5% of that year's total.

Attacks by Trojans, viruses, worms, and logic bombs were up slightly year over year, however, with 11,001 reports of such attacks, or 10.2% of the total number in 2010. In 2009, there were 8,779 reports of such attacks on federal networks, or 8.1% of the total number of incidents.

The fiscal year 2010 FISMA report is the most comprehensive to date about the state of cybersecurity among agencies and the progress being made in this area. FISMA is a National Institute of Standards and Technology (NIST) security standard for cybersecurity and provides oversight for how agencies are handling this issue.

Federal officials like U.S. CIO Vivek Kundra so far have been vague about how much federal investment is going toward cybersecurity and where the feds are spending the money, but the 2010 report has some solid figures and data and where cybersecurity investment goes.

The federal government spent about $12 billion on IT security, or about 15% of the approximately $80 billion annual federal IT budget, according to the report. Personnel took up a good chunk of those costs, including salaries and benefits of government employees and the cost of paying contractors. Non-defense agencies spent 74% of their IT security costs on personnel-related activities, according to the report.

The report also shows the progress agencies are making in terms of implementing FISMA, depicting a scenario in which this activity has gone from an afterthought to a priority for which agencies are changing their policies.

It used to be that the data security professionals needed to analyze to better protect agency system was not available until after it would be useful, according to the OMB. However, agencies have developed new methods to protect their systems "to move FISMA implementation toward the real-time detection and mitigation of security vulnerabilities," according to the report.

The White House Cybersecurity Coordinator and the Department of Homeland Security (DHS) have been working together with agencies via two initiatives -- Trusted Internet Connection and Einstein -- to develop better insight into threats, according to the OMB.

Moreover in fiscal year 2010, agencies started reporting detailed security metrics through Cyberscope, a Federal system aimed at obtaining an accurate picture of agencies' security practices.

The next phase of this work will be the introduction in fiscal year 2011 of what's called the CyberStat management model across the federal government, according to the report. Through this, agency leaders will meet to examine security metrics reports from Cyberscope to develop plans to address cybersecuity issues revealed in that data.

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/14/2018
IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Pat Osborne, Principal - Executive Consultant at Outhaul Consulting, LLC, & Cybersecurity Advisor for the Security Innovation Center,  3/12/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.