[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] Fed agencies' networks at risk
From:       mea culpa <jericho () dimensional ! com>
Date:       1998-09-26 0:47:33
[Download RAW message or body]

Forwarded From: darek milewski <darekm@cmeasures.com>

Fed agencies' networks at risk
By Tim Clark
Staff Writer, CNET News.com
September 24, 1998, 5:25 p.m. PT
URL: http://www.news.com/News/Item/0,4,26801,00.html

Network security weaknesses in the 24 largest U.S. government agencies,
including the Internal Revenue Service and the Defense Department, put
critical government operations and data at "great risk of fraud, misuse,
and disruption," according to the investigative arm of Congress. 

Security weaknesses at the Defense Department could jeopardize the
nation's military capabilities, while vulnerabilities at the Treasury
Department increase the risk of fraud in billions of dollars' worth of
federal payments and receipts. 

In addition, sensitive tax, medical, and other personal records on file
with the government are at risk of disclosure, according to a report
issued this week by the General Accounting Office. 

The report details progress in some areas since the GAO's September 1996
effort on the same topic. The current report calls for additional action,
however. "The need for improved federal information security has received
increased visibility and attention, but more effective actions are needed
both at the individual agency level and the government-wide level," it
says. 

The GAO calls for coordinated activities between new and existing agencies
to avoid duplication of effort. One of those new agencies is the Critical
Infrastructure Assurance Office, created in May with much fanfare and a
major speech by President Clinton. 

"[The report] does pan the federal government a little bit," conceded
Gordy Bendick, the CIAO's deputy director of external affairs. 

"We are working to do exactly what this report recommends, which is to
improve and enhance computer security in the U.S.  government and to serve
as a leader to the private sector at the same time," Bendick said, adding
that his agency is still early in implementing security measures. 

The report's executive summary offers little detail on break-ins or losses
because of poor network security. It cited a March 1998 survey of both
public and private sectors by the Computer Security Institute and the FBI
that found a 16 percent increase in security breaches over the previous
year. It also cited a October 1997 government report noting the
interactions among public and private infrastructures are so complex that
potential harm could not be estimated. 

The GAO recommended both action by individual agencies and coordination by
central oversight groups. 

"Agency officials have not instituted procedures for ensuring that risks
are fully understood and that controls implemented to mitigate risks are
effective," the report states. "Poor security program planning and
management continue to be fundamental problems." 

The report added that it is too early to evaluate the effectiveness of
Clinton's May directives on computer security in the federal government. 

The most common security weakness was poor control over access to
sensitive data and systems, the report found. 

In February, Attorney General Janet Reno outlined a plan for an FBI-run
National Infrastructure Protection Center to counter hackers, crackers,
and others who commit computer crimes. 

-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]


[prev in list] [next in list] [prev in thread] [next in thread]