Early bird avoids the worm

FedCIRC advisory

The Internet worm affecting computers nationwide today has had very little impact on federal agencies because most of them applied the patch for the vulnerability last month when the Homeland Security Department's National Cyber Security Division first issued the alert, officials said.

The Blaster worm, also known as Lovesan, has been spreading rapidly this week. It takes advantage of a vulnerability in Microsoft Corp.'s Windows operating system that was discovered in July. The cybersecurity division, through the Federal Computer Incident Response Center (FedCIRC), warned of the vulnerability July 17 and provided information on Microsoft's patch for it.

"Our patch rates were quite good, as evidenced by the fact that today we've had only sporadic reports of impact at federal agencies," said David Wray, a spokesman for the department. "We appear to have done our job."

FedCIRC, which has long pushed to get agency officials to report on the application of patches, has a patch evaluation and dissemination service that lets federal systems administrators get information only on patches that are relevant to their networks. That effort appears to be paying off, Wray said.

The cybersecurity division includes the staff and responsibilities of the National Infrastructure Protection Center, and is responsible for information security analysis of federal agencies and the critical infrastructure of the entire country. The private sector, such as the Internet service providers, oversees much of that infrastructure, but the division keeps in close contact with those companies to monitor the worm, Wray said.

Featured

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

  • Comment
    cloud (Phaigraphic/Shutterstock.com)

    A call for visionary investment

    Investing in IT modernization is not an either-or proposition, Rep. Connolly writes. This pandemic has presented Congress a choice: We can put our head in the sand and pretend these failures didn't happen, or we can take action to be prepared for the future.

Stay Connected