[ISN] Fed agencies' networks at risk

From: mea culpa (jerichoat_private)
Date: Fri Sep 25 1998 - 17:47:33 PDT

  • Next message: mea culpa: "[ISN] Alpha Testing of Voice Verification for Internet and E-Commerce Security"

      This message is in MIME format.  The first part should be readable text,
      while the remaining parts are likely unreadable without MIME-aware tools.
      Send mail to mimeat_private for more info.
    Content-Type: TEXT/PLAIN; CHARSET=us-ascii
    Content-ID: <Pine.SUN.3.96.980925184632.8800Cat_private>
    Forwarded From: darek milewski <darekmat_private>
    Fed agencies' networks at risk
    By Tim Clark
    Staff Writer, CNET News.com
    September 24, 1998, 5:25 p.m. PT
    URL: http://www.news.com/News/Item/0,4,26801,00.html
    Network security weaknesses in the 24 largest U.S. government agencies,
    including the Internal Revenue Service and the Defense Department, put
    critical government operations and data at "great risk of fraud, misuse,
    and disruption," according to the investigative arm of Congress. 
    Security weaknesses at the Defense Department could jeopardize the
    nation's military capabilities, while vulnerabilities at the Treasury
    Department increase the risk of fraud in billions of dollars' worth of
    federal payments and receipts. 
    In addition, sensitive tax, medical, and other personal records on file
    with the government are at risk of disclosure, according to a report
    issued this week by the General Accounting Office. 
    The report details progress in some areas since the GAO's September 1996
    effort on the same topic. The current report calls for additional action,
    however. "The need for improved federal information security has received
    increased visibility and attention, but more effective actions are needed
    both at the individual agency level and the government-wide level," it
    The GAO calls for coordinated activities between new and existing agencies
    to avoid duplication of effort. One of those new agencies is the Critical
    Infrastructure Assurance Office, created in May with much fanfare and a
    major speech by President Clinton. 
    "[The report] does pan the federal government a little bit," conceded
    Gordy Bendick, the CIAO's deputy director of external affairs. 
    "We are working to do exactly what this report recommends, which is to
    improve and enhance computer security in the U.S.  government and to serve
    as a leader to the private sector at the same time," Bendick said, adding
    that his agency is still early in implementing security measures. 
    The report's executive summary offers little detail on break-ins or losses
    because of poor network security. It cited a March 1998 survey of both
    public and private sectors by the Computer Security Institute and the FBI
    that found a 16 percent increase in security breaches over the previous
    year. It also cited a October 1997 government report noting the
    interactions among public and private infrastructures are so complex that
    potential harm could not be estimated. 
    The GAO recommended both action by individual agencies and coordination by
    central oversight groups. 
    "Agency officials have not instituted procedures for ensuring that risks
    are fully understood and that controls implemented to mitigate risks are
    effective," the report states. "Poor security program planning and
    management continue to be fundamental problems." 
    The report added that it is too early to evaluate the effectiveness of
    Clinton's May directives on computer security in the federal government. 
    The most common security weakness was poor control over access to
    sensitive data and systems, the report found. 
    In February, Attorney General Janet Reno outlined a plan for an FBI-run
    National Infrastructure Protection Center to counter hackers, crackers,
    and others who commit computer crimes. 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:06:00 PDT