The number of cyber incidents affecting U.S. federal agencies shot up 39 percent in 2010, according to a new report from the Office of Management and Budget (OMB), but experts said the increase is partly a reflection of improved discovery capabilities within government.
According to the OMB report, the U.S. Computer Emergency Response Team (US-CERT), a division of the Department of Homeland Security tasked with coordinating the cyber defense of federal agencies, received a total of 107,439 “cyber incident” reports in 2010 from the federal government, state and local governments, commercial enterprises, U.S. citizens and foreign CERT teams. Such reports detail attempts to gain unauthorized access to systems or data, denial of service attacks, or changes to system hardware, firmware or software without the owner's consent.
The federal government was the target of approximately 41,776 of reported attacks in 2010, up from 30,000 the year before, according to the report.
Experts acknowledged that the number of attacks affecting the federal agencies has increased, but also said the government is doing a better job of monitoring and reporting such incidents.
Alan Paller, director of research at the SANS Institute, who has testified numerous times on cybersecurity issues before the U.S. House of Representatives and Senate, told SCMagazineUS.com that federal departments have been employing in their security operations centers more highly skilled workers who are doing a better job of discovering attacks.
“It is much like what happens when you start measuring crime in a city,” he said. “The first few times it goes up a lot because you find some you haven't measured before.”
In addition to building up security operations centers, agencies have, over the past year or so, made progress with efforts to deploy sensors for continuous monitoring and to implement the Trusted Internet Connection initiative, the purpose of which is to consolidate the number of external internet connections in use by the federal government, Paller said.
But while federal government has upped its defenses, the bad guys continue to outpace the rate of improvements overall, Paller said.
“The attackers have gotten more numerous, brazen and effective,” Paller said. “So, the attackers are getting better, faster than the federal government is improving.”
The government is facing more sophisticated, targeted attacks launched for the purpose of cyberespionage, Steve Dauber, vice president of marketing for risk management provider Red Seal, told SCMagazineUS.com.
“We should be worried about the attacks we are not detecting,” Dauber said.
Malicious code, often distributed through viruses, or so-called “logic bombs,” was the most prevalent attack type reported by federal agencies, accounting for 31 percent of total incidents suffered in 2010, according to the OMB report. There were repeated attacks on zero-day, or unpatched, vulnerabilities through social engineering attacks.
“Attackers from criminal entities and other actors aggressively exploited zero-day vulnerabilities in applications and products throughout the year,” the report states.