SECURE THINKING BY TOM KEMP
Months after the devastating Office of Personnel Management (OPM) hack came to light — in which 21.5 million personnel records were stolen — the Government Accountability Office (GAO) has issued a report on the extent to which the US Federal Government is experiencing breaches. The report revealed that the number of security incidents impacting Federal agencies has grown from 5,503 in 2006 to 67,168 in 2014 — a massive 12x increase in 8 years — and that the US government is looking to hire 10,000 cyber professionals in the next year. In this blog post I will go over some of the highlights of the report and some of the short-term fixes being implemented.
So what are the threats facing the US Government? The Feds list out bot-network operators, criminal groups, hackers and hacktivists, malicious insiders, other nations and terrorists. In other words, not a trivial list of adversaries.
And what techniques or exploits are the bad guys using? You name it, they are facing it: cross-site scripting, denial of service attacks, malware, phishing, passive wiretapping, spamming, spoofing, SQL injection, war driving and zero-day exploits. Basically everything is being thrown at our government systems.
The net result is a 1121% increase in 8 years in the security incidents that the government knows about.
The GAO has quantified the five challenges that Federal agencies must address:
- limiting, preventing, and detecting inappropriate access to computer resources;
- managing the configuration of software and hardware;
- segregating duties to ensure that a single individual does not have control over all key aspects of a computer-related operation;
- planning for continuity of operations in the event of a disaster or disruption;
- implementing agency-wide security management programs that are critical to identifying control deficiencies, resolving problems, and managing risks on an ongoing basis.
And those challenges were fairly consistent across the 24 agencies of the US Government:
from health IT caucus http://ift.tt/1kVcOqy