Cybercriminals and other villains intent on stealing all manner of personal and government data are bombarding federal government agencies.
Over the past 5 years, the number of incidents reported by federal agencies to US-CERT (United States Computer Emergency Readiness Team) has increased by over 650%, from 5,503 incidents in fiscal year 2006 to 41,776 incidents in fiscal year 2010, including a more than tripling of the volume of malicious software since 2009, according to a Government Accountability Office security report out this week.
US-CERT aggregates and disseminates cybersecurity information to improve warning and response to incidents, increase coordination of response information, reduce vulnerabilities, and enhance prevention and protection, the GAO added.
"Reported attacks and unintentional incidents involving federal systems and critical infrastructure systems demonstrate that a serious attack could be devastating. Agencies have experienced a wide range of incidents involving data loss or theft, computer intrusions, and privacy breaches, underscoring the need for improved security practices," the GAO stated.
The good news, perhaps, is that according to US-CERT the growth in the gross number of incidents is attributable, at least in part, to agencies improving detection of security incidents on their respective networks, and then possibly implementing appropriate responsive and preventative countermeasures, the GAO stated.
Agencies reported that the following types of incidents are occurring frequently:
- Unauthorized access: Gaining logical or physical access to a federal agency's network, system, application, data, or other resource without permission.
- Denial of service: Preventing or impairing the normal authorized functionality of networks, systems, or applications by exhausting resources. This activity includes being the victim of or participating in a denial of service attack.
- Malicious code: Installing malicious software (e.g., virus, worm, Trojan horse, or other code-based malicious entity) that infects an operating system or application. Agencies are not required to report malicious logic that has been successfully quarantined by antivirus software.
- Improper usage: Violating acceptable computing use policies.
- Scans/probes/attempted access: Accessing or identifying a federal agency computer, open ports, protocols, service, or any combination of these for later exploit. This activity does not directly result in a compromise or denial of service.
Follow Michael Cooney on Twitter: nwwlayer8