FedCIRC emerges to halt leaks

To help stem an exploding number of computer security breaches the first government-wide computer security response team begins offering this week services to civilian agencies.

The Federal Computer Incident Response Capability (FedCIRC) part of the National Institute of Standards and Technology will evaluate agencies' systems to pinpoint potential threats and weaknesses. FedCIRC also will offer technical support to recover from unauthorized intrusions customize its services to meet particular agency security needs and offer training and provide guidelines for agencies to improve security controls.

FedCIRC will attempt to turn around an accelerating number of computer security breaches. The number of reported security incidents in the public and private sector has skyrocketed from six in 1988 to 2 412 in 1995 according to the Computer Emergency Response Team (CERT) which is supported by the Defense Advanced Research Projects Agency and is based at the Software Engineering Institute at Carnegie Mellon University. These statistics however underestimate by tens of thousands the actual number of security breaches because agencies and corporations are reluctant or unable to report computer break-ins according to security officials.

In addition the General Accounting Office recently reported that 10 of the largest agencies have serious information security weaknesses some of which have existed for years.

"We've seen a greater exploitation of various holes" in computer systems said Pam Kotlenz information technology security manager for NASA's Louis Research Center and chairwoman of a NASA task force on computer security.

"The hacker community has become much more connected " she continued. "The attacks are becoming more sophisticated. We need a capability that allows us to be able to detect when we have a problem. I'm not sure we're doing a good job of that now."

Indeed civilian agencies have had few options to look for help in the event of a computer intrusion. Only a handful of agencies have in-house security response teams including the Energy Department's Computer Incident Advisory Capability (CIAC) and teams at NASA the Defense Department the Air Force the Navy the Veterans Health Administration and the Small Business Administration.

CERT offers services to all of government and the private sector but as the oldest and largest computer response team in the world CERT responds to a mammoth constituency and unlike FedCIRC does not provide specialized services.

FedCIRC has contracted with CIAC and CERT to operate the new service from their existing sites.FedCIRC will offer three levels of services to agencies for varying fees. For 250 hours of services per calendar year the fee is $250 000. The price tag for 160 hours is $110 000 per calendar year and 50 hours will cost $50 000.

FedCIRC will take emergency calls from agencies that do not subscribe but subscribers' requests will be handled first said Marianne Swanson a computer specialist at NIST's Computer Security Division.

FedCIRC will publish quarterly reports documenting security vulnerability trends at all civilian agencies and biannual reports that outline the reality of threats to government systems.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.