Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Tuesday, February 17, 2009

Number of reported cyber incidents jumps

Federal civilian agencies reported three times as many cyber-related incidents in fiscal 2008 as they did in fiscal 2006 to the Homeland Security Department’s office that coordinates defenses and responses to cyberattacks.  The agencies reported to DHS’ United States Computer Emergency Readiness Team (US-CERT) a total of 18,050 incidents in fiscal 2008, compared with 12,986 in fiscal 2007 and 5,144 in fiscal 2006, according to DHS officials.  Overall, the total number of incidents reported to US-CERT from commercial, foreign, private, and federal, state and local government sectors rose from 24,097 in fiscal 2006 to 72,065 in fiscal 2008.

The Federal Information Security Management Act requires agencies to report cyber incidents, which are defined as acts that violate computer security or acceptable-use policies.

Mischel Kwon, US-CERT’s director, said that the numbers represent both an increase in malware and improvements in the capabilities of US-CERT and agencies to detect and report cyber incidents.  “Both parts of the story are true: There is an increase in mal events, and there is an increase in capabilities in order to detect those mal events.”  Kwon added that the numbers were a bit deceiving because the reports are based on manual reporting by agencies and that there are few security operations centers that monitor federal agency networks.

US-CERT, the operational arm of DHS’ National Cyber Security Division, works to analyze and reduce threat capabilities throughout government and industry, disseminate warning information and coordinate incident response activities.  US-CERT also runs Einstein, a federal network-monitoring system.  It is in the process of deploying a second version of the system with enhanced capabilities.

Kwon added that visibility across the federal network and incident reporting will improve as the second version of Einstein is deployed and agencies continue to reduce the number of connections they have to Internet under the Trusted Internet Connection project.

Posted on 02/17