Cyber Attacks Against U.S. Government Up Sharply in 2010, OMB Says
Cyber attacks on federal assets increased 39 percent in 2010, said a White House report made public Friday. Last year the U.S. Computer Emergency Readiness Team (US-CERT) processed nearly 42,000 cyber incidents against the government, up from 30,000 incidents the year prior, said the Office of Management and Budget’s 2010 Federal Information Security Management Act (FISMA) report. Malicious code attacks including phishing, viruses and logic bombs were the most common attacks reported.
The WikiLeaks incident prompted every federal agency that handles classified information to conduct security assessments and ensure that users don’t have access to information that is irrelevant to their jobs, the report said. Half of all federal agencies are now using encrypted laptop computers and automated vulnerability management systems to scan IT assets for vulnerabilities like software flaws. Nearly 80 percent of new federal workers said they received security awareness training before they were granted network access, the report said. Further structural security reforms are being considered by Russell Travers, an adviser on the White House national security staff.
Federal agencies spent $12 billion on IT security last year, much of which went to salaries and benefits for security personnel and contractors, the report said. More than a third of all federal security work in 2010 was completed by contractors, it said. “Making the IT security workforce more productive, more capable and more collaborative offers one of the most significant cost-effective strategies in IT security spending.”
Starting this year, federal agencies will report their IT security scans more frequently, U.S. CIO Vivek Kundra said in a written statement. “To provide for more effective security at a lower cost, we have shifted the cybersecurity policy of the federal government from old-style, paper-based reports to continuous monitoring; launched a centralized platform run by the Department of Homeland Security for meaningful and actionable insight into agency cybersecurity postures government-wide; and directed agencies to fund tools to support continuous monitoring and improve incident response.”
“A continued focus is needed to remain ever vigilant and forward looking,” the report said. In 2011 the government plans to establish security standards for government use of mobile devices, applications, platforms and networks, it said. The government is still evaluating metrics for the expansion of telework options and increased use of cloud computing, the report said. The main federal security priority for 2011 is building a “defensible federal enterprise that allows the government to have information security as a key enabler instead of a limiting factor in harnessing technological innovation,” the report said.