Early bird avoids the worm

FedCIRC advisory

The Internet worm affecting computers nationwide today has had very little impact on federal agencies because most of them applied the patch for the vulnerability last month when the Homeland Security Department's National Cyber Security Division first issued the alert, officials said.

The Blaster worm, also known as Lovesan, has been spreading rapidly this week. It takes advantage of a vulnerability in Microsoft Corp.'s Windows operating system that was discovered in July. The cybersecurity division, through the Federal Computer Incident Response Center (FedCIRC), warned of the vulnerability July 17 and provided information on Microsoft's patch for it.

"Our patch rates were quite good, as evidenced by the fact that today we've had only sporadic reports of impact at federal agencies," said David Wray, a spokesman for the department. "We appear to have done our job."

FedCIRC, which has long pushed to get agency officials to report on the application of patches, has a patch evaluation and dissemination service that lets federal systems administrators get information only on patches that are relevant to their networks. That effort appears to be paying off, Wray said.

The cybersecurity division includes the staff and responsibilities of the National Infrastructure Protection Center, and is responsible for information security analysis of federal agencies and the critical infrastructure of the entire country. The private sector, such as the Internet service providers, oversees much of that infrastructure, but the division keeps in close contact with those companies to monitor the worm, Wray said.

Featured

  • Image: Shutterstock

    COVID, black swans and gray rhinos

    Steven Kelman suggests we should spend more time planning for the known risks on the horizon.

  • IT Modernization
    businessman dragging old computer monitor (Ollyy/Shutterstock.com)

    Pro-bono technologists look to help cash-strapped states struggling with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help.

Stay Connected