Federal security incidents shoot up 650 percent

Share this article:
Federal agencies have, over the past five years, experienced a 650 percent increase in malware infections and other security incidents, according to a report from the U.S. Government Accountability Office (GAO).

Agencies reported a total of 41,776 incidents in 2010 – such as virus and worm outbreaks, unauthorized access ,and denial-of-service – compared to just 5,503 in 2006, according to the report, released Monday.

Further, GAO audits have uncovered governmentwide weaknesses in information security controls that are putting data and systems at an increased risk. Assessments conducted during 2010 revealed that all 24 major federal agencies had deficiencies related to access controls, as well as configuration and security management.

“Weakness in [agencies'] information security policies and practices compromised their efforts to protect against threats,” the report said.

The GAO has made hundreds of recommendations to agencies in 2010 and 2011 to address these problems, and while some progress has been made, most suggestions have not been fully implemented, according to the report.

The Internal Revenue Service (IRS), for example, has not sufficiently restricted employee access to databases, or remediated many other previously reported security issues.

“As a result, financial and taxpayer information remain unnecessarily vulnerable to insider threats and at increased risk of unauthorized disclosure, modification or destruction,” the report states.

And the IRS isn't alone.

In its report, the GAO also called out the Federal Deposit Insurance Corp. and the National Archives and Records Administration. Further, none of the 24 agencies have fully implemented an agencywide information security program, as required by the Federal Information Security Management Act (FISMA).

Despite the grim report card, the GAO noted that some progress has been made. The White House Office of Management and Budget (OMB), which is required by FISMA to develop and oversee agency implementation of information security, has launched a new online tool, called CyberScope, an application that went online in 2009, and is used to securely and efficiently report security-related information and provide analysis.

Additionally, the OMB developed new metrics meant to encourage agencies to focus on risk and improve information security.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.