Hacker attacks, other abuse continue to rise

Computer systems abuse from insiders and outsiders plagues federal agencies creating mounting financial losses according to an annual survey released last week.

More than 50 percent of the 82 federal agencies surveyed reported that their computer systems were accessed by unauthorized individuals last year according to a study jointly conducted by the FBI and the Computer Security Institute (CSI) San Francisco. Those figures show an 11 point increase from 1995 figures when 39 percent of the 77 agencies surveyed confirmed unauthorized usage.

The majority of attacks or misuse resulted from viruses insider abuse of Internet privileges laptop theft unauthorized access by insiders and system penetration according to the survey.

Reported attacks and misuse of systems in the government were higher than incidents reported in the private sector. Most attacks - which include system penetration sabotage and financial fraud - on government systems resulted from Internet access which reverses the trend of agency employees as the most likely source of these types of attacks said Richard Power an analyst at CSI. FBI officials could not be reached for comment.

"The conventional wisdom has always been that 80 percent of the problem is insiders and 20 percent of the problem is outside " Power said. "If you had looked at the [survey] numbers a few years ago they would have been turned around. The difference is the Internet. This indicates that at least for government there are a lot more people trying to get in."

More than 62 percent of 47 federal agencies responding said the Internet was a frequent origin of attack while 40 percent cited internal access as a frequent origin of attack. Remote access was cited by 25 percent of the respondents.

The cost of these breaches also is increasing. Thirty-four agencies reported that these security breaches resulted in $1.5 million in financial losses according to the survey. This figure probably represents only the "tip of the iceberg " Power said because only three-quarters of the 45 agencies that reported unauthorized use or attacks quantified their losses.

In addition Power said that because many attacks and abuses go unnoticed many of the agencies that reported no unauthorized use probably had suffered some losses.

The Air Force is one agency that appears to be making progress against security breaches. According to recent Air Force Computer Emergency Response Team statistics the number of Air Force hacking incidents decreased to 47 in 1996 compared with 84 in 1995 and the number of intrusions decreased to 20 in 1996 from 26 in 1995. Attacks from computer viruses however jumped to 896 in 1996 from 583 a year earlier.

According to Maj. Gen. Michael Hayden commander of the Air Force Air Intelligence Agency (AIA) hackers are shying away from Air Force sites because the agency has demonstrated its ability to track and prosecute them. Of 111 Air Force bases 104 have fully operational automatic intrusion detection systems and the remaining bases will have systems within weeks he said.

The solution to federal agency - and private-sector - security breaches is better training Power said.Capt. Philip Ray director of the Navy's Information Warfare/Command and Control Division said his office is pushing for increased security training for network administrators.

"Everybody thinks that technology is going to solve the problem. To realize true security you have to bring the work force along. It's a cultural change " Ray said.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.