A crash course in security incident reporting

FY 2003 report to Congress

Security incidents that federal agencies reported in 2003 reveal a sharply divided picture of information security across the federal government.

The incident numbers, which the Office of Management and Budget reported to Congress March 3, were so divergent that OMB officials say they will go back to the drawing board to help agencies understand incident reporting requirements.

"We do have a governmentwide definition" for a security incident, said an OMB official who spoke on condition of anonymity. "But what we're finding is interpretation differences, even between bureaus."

Despite a federal definition, the Department of Housing and Urban Development reported a single information security incident last year, while Department of Health and Human Services officials recorded 348.9 million incidents.

Without more information than the aggregate numbers, the OMB official said it is impossible to know which number, if any, is suspect. However, in their report to Congress, OMB officials expressed "a continuing concern regarding the timeliness and accuracy of incident reporting by agencies."

Agencies also poorly notified the Federal Computer Incident Response Center of security incidents. Although such reporting is mandatory, agencies reported only 506,291 incidents to FedCIRC last year, a year in which federal agencies, in some cases, said they had had millions of such incidents.

Partly because of the difficulty of getting good incident data, Homeland Security Department officials have created several interagency groups to work on the problem. Indeed, one option might be a technical one, in which FedCIRC would pull incident data automatically from agency systems, the OMB report said. Automating the incident reporting process would greatly increase the raw data available for analysis.

What is most significant, though, is the number of times an attacker gains access and takes control of a machine remotely. "For the most part, you have no clue," either about when or how often this actually is occurring, said Alan Paller director of research at the SANS Institute.

Rutrell Yasin contributed to this article.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.

Featured

  • FCW @ 30 GPS

    FCW @ 30

    Since 1996, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

  • Shutterstock image.

    Merged IT modernization bill punts on funding

    A House panel approved a new IT modernization bill that appears poised to pass, but key funding questions are left for appropriators.

  • General Frost

    Army wants cyber capability everywhere

    The Army's cyber director said cyber, electronic warfare and information operations must be integrated into warfighters' doctrine and training.

  • Rising Star 2013

    Meet the 2016 Rising Stars

    FCW honors 30 early-career leaders in federal IT.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group