Agencies return Anna's serve

Bug swatted, but lack of coordination still plagues feds

FedCIRC

Although federal agencies escaped major harm last week when the latest e-mail virus zipped through the United States, they still have far to go in organizing the response to cyberattacks across the government.

As a whole, federal agencies seemed better prepared to react to the "Anna Kournikova" virus that started spreading through the United States the morning of Feb. 12 than they had been with the similar "ILOVEYOU" virus last May. That virus hit almost every federal agency, overloaded many e-mail servers and caused some to shut down for days.

With "Anna," named for the tennis player, the Federal Computer Incident Response Capability saw only a few agencies reporting infections. And those that were infected reacted quickly and killed the virus before it caused any disruptions, said David Jarrell, director of FedCIRC, the government's central organization for cyberattack response. "I think we had a much better response. We didn't have any reports of anyone getting overwhelmed by this," Jarrell said. "The government saw considerably less impact and was better prepared to handle it."

But although the impact was slight this time, agencies still lag in coordinating their anti-hacking efforts. A new policy issued late last year by the Office of Management and Budget and the federal CIO Council called for creating a single standard to coordinate cross-agency security by ensuring that FedCIRC be made aware of all incidents and actions.

But FedCIRC has seen a tepid response. "We have had a couple of reports, but not many," Jarrell said. "We can preach until we're blue in the face, but there is no way to make them report."

Almost every department and agency has signed an agreement with FedCIRC, providing points of contact and outlining how they will interact with the organization, according to a staff member on the CIO Council's Security, Privacy and Critical Infrastructure Committee. But there is no way to enforce those agreements, especially since the new administration has yet to name a deputy director for management at OMB, the staffer said.

Some of the agencies affected by the latest virus did submit reports to FedCIRC, including the Energy and Education departments.

Because Energy had measures in place to detect and block the virus, the headquarters were "barely affected. Four sites were affected in the field and six other sites saw it but blocked it before it got the machines," said Hope Williams, an Energy spokeswoman.

At Education, the CIO's office sent an alert out across the department and notified FedCIRC, but by the time those steps were taken, both knew of the virus' existence, said CIO Craig Luigart.

Other agencies, such as the Treasury Department, did not report to FedCIRC but warded off harm because "we did the stuff we were supposed to do," a department official said. In the wake of the love bug last year, Treasury implemented the security patch issued by Microsoft Corp., and as a result, nothing major happened, the official said.

Some agencies, including the National Archives and Records Administration and the State Department, saw no signs of the virus.

The new virus employed the same method as the love bug, attacking the Microsoft Outlook and Outlook Express e-mail applications. It is a VB Script attachment that, when executed, infects the system and then e-mails itself to every person in that user's address book.

The e-mail's subject reads "Here you have, ;0)" and the message reads "Hi: Check This!" The attachment is "Anna Kournikova.jpg.vbs."

However, the virus does not mutate as quickly or as often as the love bug did, and organizations now know what to look for, making it relatively easy to block, said Liam Yu, product manager in Network Associates Inc.'s Anti-Virus Emergency Response Team research lab.

"People are prepared not only to react, but they also know what to do," Yu said.

The Education Department credited the lack of major disruptions to a better-trained user base and improved monitoring procedures. The agency's operations team noticed the virus at about 9 a.m. and soon wrote customized VBS blocking scripts that prevented further infected e-mail messages from being delivered to agency in-boxes, Luigart said.

The U.S. Postal Service got through safely thanks to its three-level defense system to prevent virus infections, said the agency's virus expert, Wayne Grimes. Incoming e-mails are scanned at a firewall to turn away any with suspicious attachments. Opened files are scanned before being written to disks to ensure they do not contain viruses. And the subject lines and text of all incoming and outgoing e-mail messages are scanned for patterns that suggest a virus.
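The gateway checks described above (attachment screening plus subject and text pattern matching) can be sketched as follows. This is an added example, not code from the article or from any agency; the extension lists, the function names and the sample messages are assumptions constructed for illustration. It goes slightly beyond the quoted indicators by also flagging any script attachment hidden behind a decoy extension, so a copy with a changed subject line is still caught.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Indicators quoted in the article.
KNOWN_SUBJECT = "here you have, ;0)"
KNOWN_BODY = "hi: check this!"
# Assumed lists for this example: script types Windows will execute, and
# harmless-looking extensions used as the decoy in a double extension.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf"}

def scan_message(raw: str) -> list[str]:
    """Return quarantine reasons for one RFC 822 message (empty list = deliver)."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    if (msg["Subject"] or "").strip().lower() == KNOWN_SUBJECT:
        reasons.append("known-subject")
    for part in msg.walk():
        name = part.get_filename()
        if name:
            # Compare extensions case-insensitively; ignore stray dots/spaces.
            exts = [e.lower() for e in PurePosixPath(name.strip(" .")).suffixes]
            if exts and exts[-1] in SCRIPT_EXTS:
                reasons.append("script-attachment")
                if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
                    reasons.append("double-extension")
        elif part.get_content_type() == "text/plain":
            if KNOWN_BODY in part.get_content().lower():
                reasons.append("known-body")
    return reasons

def build_sample(subject: str, body: str, attachment: str = "") -> str:
    """Construct a test message; the attachment payload is inert placeholder bytes."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    for s in [("Here you have, ;0)", "Hi: Check This!", "Anna Kournikova.jpg.vbs"),
              ("Photos", "see attached", "holiday.JPG.VBS"),
              ("Quarterly report", "numbers attached", "report.v2.pdf")]:
        print(s[0], "->", scan_message(build_sample(*s)))
```

The exact-match subject and body rules only catch the original message, while the extension rule is the one that survives a renamed copy.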

FCW staff contributed to this article.

MORE INFO

An OMB/CIO Council memo requires agencies to take three steps when an externally generated security incident occurs:

1. Report incident to FedCIRC.

2. Make sure alerts and warnings from FedCIRC go to the appropriate people at each agency.

3. Acknowledge to FedCIRC, when necessary, that those people received the messages and detail the corrective actions taken.
