FedCIRC plans patch-release system

As federal agencies worked to stay ahead of the Code Red computer worm crawling through the Internet last week, officials were planning an automated method of fixing vulnerabilities in government systems.

Under the plan, agencies would provide profiles of the applications and operating systems on their networks to the Federal Computer Incident Response Center, which would then send agencies only the patches they needed. FedCIRC, the lead organization for civilian agency computer-attack warnings and response, is set to release a request for proposals for the system.

"It really is needed, and [Code Red] is a good example of needing to make it easy for people," said Sallie McDonald, assistant commissioner of information assurance and critical infrastructure protection at the General Services Administration. Her office houses FedCIRC.

Code Red exploits a vulnerability in Web servers using Microsoft Corp.'s Windows NT 4.0 or 2000 and Internet Information Server software. Microsoft announced the problem and released a patch to fix it July 18, but the next day, Code Red infected more than 250,000 systems, according to the CERT Coordination Center at Carnegie Mellon University.

Federal agencies worked "diligently...to install the patch in anticipation of Code Red," McDonald said.

Propagation of Code Red slowed after the initial wave, and as of Aug. 2, "from the thousands of federal systems, we have only had one incident reported from one agency," McDonald said.

System vulnerabilities are common, and patches for them are released so often that system administrators have a hard time keeping up, said agency chief information officers, including John Gilligan, the CIO Council's security committee co-chairman.
