Cybersecurity: OMB reports on 2010 cybersecurity attacks

Published 28 March 2011

A new report on U.S. government cybersecurity says that there were 41,776 reported cyber incidents of malicious intent in the federal network in 2010, out of a total of 107,439 reported to the United States Computer Emergency Readiness Team; the number represented a 39 percent increase over 2009, when 30,000 incidents were reported by the feds of 108,710 attacks overall.

According to the U.S. Office of Management and Budget’s (OMB) fiscal year 2010 report on the federal implementation of the Federal Information Security Management Act (FISMA), there were 41,776 reported cyber incidents of malicious intent in the federal network in 2010, out of a total of 107,439 reported to the United States Computer Emergency Readiness Team (US-CERT). The number represented a 39 percent increase over 2009, when 30,000 incidents were reported by the feds of 108,710 attacks overall.

In terms of types of attacks, phishing, or the process of attempting to acquire sensitive information by posing as a trustworthy entity in an electronic communication, remained the top threat plaguing federal networks, although numbers were down slightly year over year. In 2010, the feds reported 56,579 phishing attacks (52.7 percent of the total number of incidents) as compared to the 70,132 phishing attacks reported in 2009 (64.5 percent of that year’s total).

Reports of attacks by Trojans, viruses, worms, and logic bombs numbered 11,001 in 2010, or 10.2 percent of the total, whereas in 2009 there were 8,779 reports of such attacks on federal networks, or 8.1 percent of the total number of incidents.

The fiscal year 2010 FISMA report is the most comprehensive to date about the state of cybersecurity among agencies and the progress being made in this area. FISMA is a National Institute of Standards and Technology (NIST) act established in January 2003 to produce several key security standards and guidelines required by Congressional legislation.

According to the report, the federal government spent approximately $12 billion on IT security, or about 15 percent of the $80 billion annual federal IT budget. Personnel took up a good chunk of those costs, including salaries and benefits of government employees and the cost of paying contractors. Non-defense agencies spent 74 percent of their IT security costs on personnel-related activities, according to the report.

The report also shows the progress agencies are making in implementing FISMA as a tool for real-time detection and mitigation of security vulnerabilities.

DHS and the White House Cybersecurity Coordinator have been using the Trusted Internet Connection (TIC) initiative to optimize individual external connections and internet points of presence, and the Einstein initiative, an automated process for collecting, correlating, analyzing, and sharing computer security information to improve the nation’s situational awareness.

In FY 2010, agencies started reporting detailed security metrics through Cyberscope, a Federal system aimed at obtaining an accurate picture of agencies’ security practices.

The next phase of this work will be the introduction of CyberStat, a management model, according to the report. Agency leaders will meet to examine security metrics from Cyberscope and develop plans to address the cybersecurity issues revealed by the data.