This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mimeat_private for more info. --------------086B8880B2A0F5425EA1B6DE Content-Type: TEXT/PLAIN; CHARSET=us-ascii Content-ID: <Pine.SUN.3.96.980925184632.8800Cat_private> Forwarded From: darek milewski <darekmat_private> Fed agencies' networks at risk By Tim Clark Staff Writer, CNET News.com September 24, 1998, 5:25 p.m. PT URL: http://www.news.com/News/Item/0,4,26801,00.html Network security weaknesses in the 24 largest U.S. government agencies, including the Internal Revenue Service and the Defense Department, put critical government operations and data at "great risk of fraud, misuse, and disruption," according to the investigative arm of Congress. Security weaknesses at the Defense Department could jeopardize the nation's military capabilities, while vulnerabilities at the Treasury Department increase the risk of fraud in billions of dollars' worth of federal payments and receipts. In addition, sensitive tax, medical, and other personal records on file with the government are at risk of disclosure, according to a report issued this week by the General Accounting Office. The report details progress in some areas since the GAO's September 1996 effort on the same topic. The current report calls for additional action, however. "The need for improved federal information security has received increased visibility and attention, but more effective actions are needed both at the individual agency level and the government-wide level," it says. The GAO calls for coordinated activities between new and existing agencies to avoid duplication of effort. One of those new agencies is the Critical Infrastructure Assurance Office, created in May with much fanfare and a major speech by President Clinton. "[The report] does pan the federal government a little bit," conceded Gordy Bendick, the CIAO's deputy director of external affairs. "We are working to do exactly what this report recommends, which is to improve and enhance computer security in the U.S. government and to serve as a leader to the private sector at the same time," Bendick said, adding that his agency is still early in implementing security measures. The report's executive summary offers little detail on break-ins or losses because of poor network security. It cited a March 1998 survey of both public and private sectors by the Computer Security Institute and the FBI that found a 16 percent increase in security breaches over the previous year. It also cited a October 1997 government report noting the interactions among public and private infrastructures are so complex that potential harm could not be estimated. The GAO recommended both action by individual agencies and coordination by central oversight groups. "Agency officials have not instituted procedures for ensuring that risks are fully understood and that controls implemented to mitigate risks are effective," the report states. "Poor security program planning and management continue to be fundamental problems." The report added that it is too early to evaluate the effectiveness of Clinton's May directives on computer security in the federal government. The most common security weakness was poor control over access to sensitive data and systems, the report found. In February, Attorney General Janet Reno outlined a plan for an FBI-run National Infrastructure Protection Center to counter hackers, crackers, and others who commit computer crimes. --------------086B8880B2A0F5425EA1B6DE-- -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:06:00 PDT