GAO: U.S. unready to face growing cyber threats

Published 25 November 2009

A GAO report says that cyber-threats facing federal networks and the U.S. critical infrastructure are becoming increasingly sophisticated; the number of attacks is growing exponentially (security incidents grew “by over 200 percent from fiscal year 2006 to fiscal year 2008”), and the report concludes that the United States is not optimally prepared to protect itself from such attacks

A few days ago, McAfee released a report that concludes that the age of cyber-war has arrived. According to current and former U.S. officials, the United States is not ready for such times.

A report from the U.S. Government Accountability Office (GAO) released two days ago warned that cyber-threats facing federal networks and the U.S. critical infrastructure are becoming increasingly sophisticated. While the number of attacks is growing exponentially (security incidents grew “by over 200 percent from fiscal year 2006 to fiscal year 2008”), the report concludes that the United States is not optimally prepared to protect itself from such attacks.

The San Francisco Chronicle’s Alejandro Martinez-Cabrera reports that GAO has identified weaknesses in all major categories of information security controls at federal agencies. For example, in fiscal year 2008, weaknesses were reported in such controls at 23 of 24 major agencies. Specifically, agencies did not consistently authenticate users to prevent unauthorized access to systems; apply encryption to protect sensitive data; and log, audit, and monitor security-relevant events, among other actions.

Case in point: another GAO report issued last month identified several network vulnerabilities at Los Alamos National Laboratory, one of the top U.S. national security research institutions.

At most risk are the nation’s power grids, transportation systems, telecommunications, financial institutions and health networks, which many experts agree are still very vulnerable and likely targets in case of an attack.

GAO said it has issued hundreds of recommendations, and several initiatives at the federal level have already been set in motion with the purpose of beefing up security. Still, a Department of Justice associate deputy attorney general who told a Senate panel that current cyber-crime laws are not fit to respond properly to the growing threats to American businesses and government institutions also hinted that the Obama administration is unsure how to improve them and is still working on some proposals.

A former DHS cyber-security official criticized Congress for issuing often uncoordinated and contradictory laws that complicate their enforcement. In a recent survey, a third of U.S. government IT workers said their agencies are targeted by cyber-attackers at least once a day.

Over the 4 July weekend this year, several U.S. government Web sites went offline after being hit by a denial of service attack — a common tactic in which a flood of computers try to access a site at the same time and cause it to crash. Days later, South Korea was also hit by a similar attack and is now saying the aggression originated at North Korea’s telecommunications ministry.

“It’s obvious the [U.S.] government is still getting its act together on how to face the growing security challenges of the digital era, but at least now we know the problem has caught their attention and a shared sense of urgency is starting to show,” Martinez-Cabrera concludes.