More Cyber Attacks Against Government In 2010
posted by Mark Boardbent | 24.03.2011
Cyber attacks against the US federal government rose by nearly 40 percent last year, reports the Federal times.
The Office of Management Budget's annual report on the federal cybersecurity effort showed that there were no fewer than 41,776 cyber attacks on government systems during 2010. This was up from the 30,000 recorded the previous year, a rise of 39 per cent.
The figures were released by the Department of Homeland Security (DHS) U.S. Computer Emergency Readiness Team (US-CERT).
Chris Ortman, DHS spokesman, said that the DHS "anticipates that malicious cyber activity will continue to become more common, more sophisticated and more targeted - and range from unsophisticated hackers to very technically competent intruders using state-of-the-art techniques."
Cyber Security Threats
Out of the total number of cyber attacks 12,864 were classified as malicious. Another 11,336 are under investigation, with unauthorized access, denial of service attacks, improper usage, scans probes and attempted access making up the remainder. Phishing was the major threat, with reported 56,579 attacks. There were 11,001 reports of attacks by trojan worms and viruses.
OMB's report said that particular cyber security threats for government were attacks exploiting so-called "zero-day", or unknown, vulnerabilities in software. The report said the "exploit codes" used to undertake such attacks are often made public through the internet.
Government Cyber Security
The report said government cyber security is let down by the fact that two-thirds of federal are not yet continuously monitoring their networks. The report said 8 per cent had no monitoring systems in place at all.
However, the report also praised federal government's response to the growing cyber security threat by saying that agencies are now changing their policies to implement the Federal Information Security Management Act (FISMA) which lays down standards and policies about how agencies should deal with information security.
Last year also saw the introduction of a security threat reporting metric called Cyberscope, which aims to create a picture of how agencies are meeting their security obligations. During fiscal year 2011 a management model called CyberStat will be introduced across federal government which will allow agencies to examine security metrics and develop security plans to respond to any threats.