Feds avoid Blaster

FedCIRC Patch Authentication and Dissemination Capability

The Internet worm snarling computers nationwide last week amounted to much ado about nothing for federal agencies.

That was largely because most of them applied the necessary software fix when alerted to the problem by the Homeland Security Department's National Cyber Security Division, officials said.

The Blaster worm, also known as Lovesan, spread rapidly, taking advantage of a vulnerability in versions of Microsoft Corp.'s Windows operating system.

Experts discovered the vulnerability in July. DHS' cybersecurity division, through the Federal Computer Incident Response Center (FedCIRC), warned of the susceptibility July 17 and provided information about Microsoft's patch.

"Our patch rates were quite good, as evidenced by the fact that...we've had only sporadic reports of impact at federal agencies," said David Wray, a spokesman for the department. "We appear to have done our job."

At the Navy, some old systems were hit, but none of the systems installed as part of the Navy Marine Corps Intranet, according to a spokesman for the lead NMCI contractor, EDS.

FedCIRC has long pushed to get agency officials to report on the application of patches. The organization recently rolled out its Patch Authentication and Dissemination Capability service, which lets systems administrators get information only on patches that are relevant to the organization's networks. That effort appears to be paying off, Wray said.

Many agencies have signed up for the service, and the Office of Management and Budget has been promoting it as a cost-effective way to protect systems.

The office also has a rapid response procedure by which FedCIRC keeps in touch with agency IT officials via e-mail and phone.

Between the July alert and the rapid response activity last week, "we were in very good shape," said Mark Forman, before leaving his job as administrator of OMB's Office of E-Government and Information Technology Aug. 15.

At the state government level, several agencies were not as lucky. Such lack of preparation came as a surprise because "on this one, people were aware [an attack] was coming their way," said Don Heiman, former Kansas chief information officer and cybersecurity leader for the National Association of State CIOs.

NASCIO and DHS officials are considering creating a center where state and federal agencies could exchange information on alerts and coordinate their responses. Steve Cooper, DHS' CIO, is looking into federal funding for that project, but the details are still not firm, said Chris Dixon, digital government issues coordinator for NASCIO.

Matthew French and Dibya Sarkar contributed to this story.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group