01:57 PM

Federal Cyber Attacks Rose 39% In 2010

While total incidents reported to US-CERT were down, government networks experienced more attacks than in 2009, according to a Congressional report.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
Cyber attacks on the federal government increased in 2010 over the previous year, even though the total number of cybersecurity incidents was down overall, according to a new report from the Office of Management and Budget (OMB).

There were 41,776 reported cyber incidents of malicious intent in the federal network in 2010 out of a total 107,439 reported to the United States Computer Emergency Readiness Team (US-CERT), according to the OMB's fiscal year 2010 report on federal implementation of the Federal Information Security Management Act (FISMA). The number represented a 39% increase over 2009, when 30,000 incidents were reported by the feds, of 108,710 attacks overall, according to the report.

In terms of types of attacks, phishing remained the top threat plaguing federal networks, although numbers were down slightly year over year. In 2010 the feds reported 56,579 phishing attacks, or 52.7% of the total number of incidents. In 2009, they reported 70,132 phishing attacks, or 64.5% of that year's total.

Attacks by Trojans, viruses, worms, and logic bombs were up slightly year over year, however, with 11,001 reports of such attacks, or 10.2% of the total number in 2010. In 2009, there were 8,779 reports of such attacks on federal networks, or 8.1% of the total number of incidents.

The fiscal year 2010 FISMA report is the most comprehensive to date about the state of cybersecurity among agencies and the progress being made in this area. FISMA is a National Institute of Standards and Technology (NIST) security standard for cybersecurity and provides oversight for how agencies are handling this issue.

Federal officials like U.S. CIO Vivek Kundra so far have been vague about how much federal investment is going toward cybersecurity and where the feds are spending the money, but the 2010 report has some solid figures and data and where cybersecurity investment goes.

The federal government spent about $12 billion on IT security, or about 15% of the approximately $80 billion annual federal IT budget, according to the report. Personnel took up a good chunk of those costs, including salaries and benefits of government employees and the cost of paying contractors. Non-defense agencies spent 74% of their IT security costs on personnel-related activities, according to the report.

The report also shows the progress agencies are making in terms of implementing FISMA, depicting a scenario in which this activity has gone from an afterthought to a priority for which agencies are changing their policies.

It used to be that the data security professionals needed to analyze to better protect agency system was not available until after it would be useful, according to the OMB. However, agencies have developed new methods to protect their systems "to move FISMA implementation toward the real-time detection and mitigation of security vulnerabilities," according to the report.

The White House Cybersecurity Coordinator and the Department of Homeland Security (DHS) have been working together with agencies via two initiatives -- Trusted Internet Connection and Einstein -- to develop better insight into threats, according to the OMB.

Moreover in fiscal year 2010, agencies started reporting detailed security metrics through Cyberscope, a Federal system aimed at obtaining an accurate picture of agencies' security practices.

The next phase of this work will be the introduction in fiscal year 2011 of what's called the CyberStat management model across the federal government, according to the report. Through this, agency leaders will meet to examine security metrics reports from Cyberscope to develop plans to address cybersecuity issues revealed in that data.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest September 7, 2015
Some security flaws go beyond simple app vulnerabilities. Have you checked for these?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-09
Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.

Published: 2015-10-09
The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors.

Published: 2015-10-09
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

Published: 2015-10-09
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

Published: 2015-10-09
The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors.

Dark Reading Radio
Archived Dark Reading Radio
What can the information security industry do to solve the IoT security problem? Learn more and join the conversation on the next episode of Dark Reading Radio.