Agencies are 'own worst enemy'

ORLANDO, Fla. - The largest security danger facing federal agencies still

is the lack of proper security procedures, leaving known vulnerabilities

in place to be exploited by attackers, federal and industry experts said

Thursday.

Statistics gathered by the Defense Department's Computer Emergency Response

Team and Carnegie Mellon University's CERT Coordination Center show that

94 percent to 98 percent of the security incidents reported by federal agencies

happen because the agencies did not use widely available patches for known

vulnerabilities in their software applications and operating systems.

"We're our own worst enemy," said Maj. Gen. John Campbell, commander

of the DOD Joint Task Force for Computer Network Defense, at the Information

Processing Interagency Conference here.

The CERT/CC serves as the operational arm for the Federal Computer Incident

Response Capability, the civilian agencies' coordinating incident response

group. And while the number of reported incidents is getting larger every

year, agencies are still being attacked using the same security holes, said

Katherine Fithen, manager of the CERT/CC.

But known software holes are not the only problem, Campbell said. Many

times, the vulnerability comes from system administrators or users not bothering

to change a default password or not taking the time to close off all the

openings left by an application's default configuration.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.