A central point for collection of information that relates to computer security. Including, but not limited to, security advisories from the major vendors, major data breaches, “phishing” alerts, commentary regarding staffing levels. etc. etc.
GAO and Cybersecurity
June 17, 2010 at 11:51 am #103152
Continued Attention Is Needed to Protect Federal Information Systems from Evolving Threats
date: June 16, 2010
What GAO found
Cyber-based threats to federal systems and critical infrastructure are evolving and growing. These threats can come from a variety of sources, including criminals and foreign nations, as well as hackers and disgruntled employees. These potential attackers have a variety of techniques at their disposal, which can vastly enhance the reach and impact of their actions. For example, cyber attackers do not need to be physically close to their targets, their attacks can easily cross state and national borders, and cyber attackers can easily preserve their anonymity. Further, the interconnectivity between information systems, the Internet, and other infrastructure presents increasing opportunities for such attacks. Consistent with this, reports of security incidents from federal agencies are on the rise, increasing by over 400 percent from fiscal year 2006 to fiscal year 2009.
Compounding the growing number and kinds of threats, GAO—along with agencies’ internal assessments—has identified significant deficiencies in the security controls on federal information systems, which have resulted in pervasive vulnerabilities. These include weaknesses in the security of both financial and non-financial systems and information, including vulnerabilities in critical federal systems. These deficiencies continue to place federal assets at risk of inadvertent or deliberate misuse, financial information at risk of unauthorized modification or destruction, and critical operations at risk of disruption.
Multiple opportunities exist to improve federal cybersecurity. To address identified deficiencies in agencies’ security controls and shortfalls in their information security programs, GAO and agency inspectors general have made hundreds of recommendations over the past several years, many of which agencies are implementing. In addition, the White House, the Office of Management and Budget, and certain federal agencies have undertaken several governmentwide initiatives intended to enhance information security at federal agencies. While progress has been made on these initiatives, they all face challenges that require sustained attention, and GAO has made several recommendations for improving the implementation and effectiveness of these initiatives. Further, the Department of Homeland Security also needs to fulfill its key cybersecurity responsibilities, such as developing capabilities for ensuring the protection of cyber-based critical infrastructures and implementing lessons learned from a major cyber simulation exercise. Finally, a GAO-convened panel of experts has made several recommendations for improving the nation’s cybersecurity strategy. Realizing these opportunities for improvement can help ensure that the federal government’s systems, information, and critical cyber-based infrastructures are effectively protected.
You must be logged in to reply to this topic.