Federal agencies have not been able to protect themselves against malware and other security incidents, which have increased more than 650 percent in the past five years, states a new report from the Government Accountability Office (GAO).
It found 41,776 cybersecurity incidents in 2010, up from just 5,503 in 2006. The GAO also analyzed the security practices of two dozen federal agencies, and gave recommendations on improving federal cybersecurity in line with the Federal Information Security Management Act of 2002. It noted, however, that these implementations were not yet in place.
“An underlying reason for these weaknesses is that agencies have not fully implemented their information security programs,” states the report. “As a result, they have limited assurance that controls are in place and operating as intended to protect their information resources, thereby leaving them vulnerable to attack or compromise.”
Agencies that were evaluated included the Department of Homeland Security, the Nuclear Regulatory Commission, and the Department of Commerce. The report found none of them fully implemented GAO’s security recommendations.
The Internal Revenue Service (IRS), for example, did not sufficiently restrict employee access to its databases or implement many other security measures. This means that taxpayer and financial information “remain unnecessarily vulnerable to insider threats” and could be destroyed, modified, or disclosed, according to the report.
Meanwhile, IRS financial data is at an increased risk of error “and the agency’s management decisions may be based on unreliable or inaccurate financial information,” it adds.
Other agencies are also at risk of unauthorized access to government computers as well as malware and denial of service (DoS) attacks on government websites, according to GAO. A DoS attack works by overloading a website to take it offline.
The actions of federal government employees, some intentional and some accidental, also factored into the increase in malware and other cybersecurity problems.
In one instance, a government employee was tricked by a targeted e-mail into visiting a website saying he would win a new car, but first had to answer questions about his pets. “Later, he found that several credit cards had been opened in his name and large amounts of pet supplies had been ordered without his knowledge,” the report states.
In another incident, an employee at a government financial institution used a bank hard drive that he had reported as stolen and downloaded unauthorized accounting source code onto it. Security personnel at the agency believe he gave the code to a student in another country, according to GAO.
The report also warned of future attacks intended to slow or stop traffic to government websites. It states, “A well-known hacker group … was planning a cyber protest attack on a federal agency, using mobile phones and massive crowds of supporters as well as online supporters.” Incidents of this kind, such as those launched by the hacker group Anonymous, typically include cyberattacks alongside physical protests.
GAO concluded that unless these agencies have fully implemented the proper security programs, federal computer systems will have a higher risk of attack or compromise.
Article source: http://www.theepochtimes.com/n2/technology/federal-cybersecurity-attacks-increased-650-percent-in-5-years-62564.html