Federal Network Security Incidents up 650% According to GAO

Logo of the United States Government Accountab...

Image via Wikipedia

Network security incidents at federal agencies have soared 650 percent during the past five years according to a just-released GAO report.

The most prevalent types of cyber events included infections from malicious code  (30 percent of incidents); violations of acceptable use policies; and intrusions into networks, applications and other data resources.  During the past five years, the number of reported events has grown from 5,503 in 2006 to 41,776 in 2010.

The main reason agency computers are vulnerable to contamination is departments have failed to implement security controls, according to the audit. Agencies do not always adequately train personnel responsible for system security, regularly monitor safeguards, successfully fix vulnerabilities or resolve incidents in a timely fashion.


New Bill Gives President Emergency Powers over Cyberspace

The western front of the United States Capitol...

Image via Wikipedia

Earlier this week, Reuters obtained a draft copy of a bill circulating around Capitol Hill  which would give the president the power to declare an emergency in the case of a major online attack.  The bill could force certain businesses to enhance their cyber defenses and open themselves to greater scrutiny by the Federal Government.  Specifically, the bill would allow the president to declare an emergency if there is an imminent threat to the U.S. electrical grid or other critical infrastructure (such as the water supply or financial network) because of a cyber attack.

Entire industries, companies or portions of companies could be temporarily shut down, or be required to take other steps to address the situation.  The emergency declaration would last for 30 days, unless the president renews it. However, it cannot last more than 90 days without action from Congress.

This piece of legislation will be interesting to watch.  On one hand, many experts believe cyberspace is the battleground of the not-so-distant future.  With most of the nation’s critical infrastructure in the private sector, effectively preventing and responding to attacks is desirable.  However, any time the Federal Government ordains itself with the power to seize control of a private sector business, people get nervous (including the very vendors from which the government buys).

This story highlights the growing interweaving of government, commercial concerns, citizens and technology.  Don’t expect this debate to end anytime soon.

Cybersecurity: Hot Trend (Unfortunately) for Federal Government

Cybersecurity is one of the greatest concerns and hottest IT trends in government today.  Highlighted recently through reports of China’s hacking of Google, the issue has simmered for years.    Now the Department of Homeland Security says it is detecting new patterns of cyber attacks from foreign foes.

Einstein 2, a new “special-purpose intrusion-detection system (IDS)” has been detecting the attacks according to reports in NetworkWorld.  With only a handful of agencies now on the system, DHS says it is detecting between 100 and 10,000 cyber attacks on the federal agency per week.  The IDS will be widely deployed in federal networks during 2010.

According to NextGov.com, “cybersecurity” is defined as “…the protection of all things Internet — from the networks themselves to the information stored in computer databases and other applications.”   The concept has grown as businesses and government agencies send and process greater amounts of data online.  Its importance will continue to expand as broadband capacities swell and new technologies emerge that foster greater collaboration and data exchange.

Last week the House passed the 2009 Cybersecurity Enhancement Act.  According to NextGov.com the bill provides about $395 million in grants for computer and network security R&D between 2010 and 2014.  It also funds nearly $100 million in scholarships to recruit and train cybersecurity professionals, and $120 million for research facility construction and training program development at colleges and universities. The bill requires a task force, made up of representatives from federal government, industry and academia, to consider how to encourage collaborative research and development for cybersecurity.  There is no companion bill in the Senate yet.