FedCIRC emerges to halt leaks

To help stem an exploding number of computer security breaches, the first government-wide computer security response team begins offering services to civilian agencies this week.

The Federal Computer Incident Response Capability (FedCIRC), part of the National Institute of Standards and Technology, will evaluate agencies' systems to pinpoint potential threats and weaknesses. FedCIRC also will offer technical support to recover from unauthorized intrusions, customize its services to meet particular agency security needs, and offer training and provide guidelines for agencies to improve security controls.

FedCIRC will attempt to turn around an accelerating number of computer security breaches. The number of reported security incidents in the public and private sector has skyrocketed from six in 1988 to 2,412 in 1995, according to the Computer Emergency Response Team (CERT), which is supported by the Defense Advanced Research Projects Agency and is based at the Software Engineering Institute at Carnegie Mellon University. These statistics, however, underestimate by tens of thousands the actual number of security breaches because agencies and corporations are reluctant or unable to report computer break-ins, according to security officials.

In addition, the General Accounting Office recently reported that 10 of the largest agencies have serious information security weaknesses, some of which have existed for years.

"We've seen a greater exploitation of various holes" in computer systems, said Pam Kotlenz, information technology security manager for NASA's Louis Research Center and chairwoman of a NASA task force on computer security.

"The hacker community has become much more connected," she continued. "The attacks are becoming more sophisticated. We need a capability that allows us to be able to detect when we have a problem. I'm not sure we're doing a good job of that now."

Indeed, civilian agencies have had few options to look for help in the event of a computer intrusion. Only a handful of agencies have in-house security response teams, including the Energy Department's Computer Incident Advisory Capability (CIAC) and teams at NASA, the Defense Department, the Air Force, the Navy, the Veterans Health Administration and the Small Business Administration.

CERT offers services to all of government and the private sector, but as the oldest and largest computer response team in the world, CERT responds to a mammoth constituency and, unlike FedCIRC, does not provide specialized services.

FedCIRC has contracted with CIAC and CERT to operate the new service from their existing sites. FedCIRC will offer three levels of services to agencies for varying fees. For 250 hours of services per calendar year, the fee is $250,000. The price tag for 160 hours is $110,000 per calendar year, and 50 hours will cost $50,000.

FedCIRC will take emergency calls from agencies that do not subscribe, but subscribers' requests will be handled first, said Marianne Swanson, a computer specialist at NIST's Computer Security Division.

FedCIRC will publish quarterly reports documenting security vulnerability trends at all civilian agencies and biannual reports that outline the reality of threats to government systems.

