Security in the news: Events and non-events

April 1 passed without the massive attack by the much-anticipated Conficker Internet worm, but don't relax just yet.

True, the sneaky malware, which has gone through several evolutions since security experts first became aware of it, did not seize control of the nation's computers, perpetrate massive identity theft and bring down the Web. But the story might not be over.

"The network of Conficker-infected machines could still spring to life and be used for nefarious deeds," reports the Associated Press. "One scary element is that Conficker's authors have given the infected PCs peer-to-peer abilities, which allows them to update each other and share malicious commands through encrypted channels."

The scope of the potential problem remains a tantalizing mystery, but a number of security experts tentatively offered their best guess-timates last week:

  • One Internet infrastructure vendor, OpenDNS, reports that 500,000 of its customers, out of 10 million worldwide, have been infected with the most recent iteration, Conficker.c, the IDG News Service reports.
  • After monitoring network activity on April 1, IBM's security experts concluded that 4 percent of Internet addresses sending out malicious data are infected with the same variant, according to Computerworld.
  • Also from Computerworld: A security company based in Vietnam pegs the number of infected PCs at 1.38 million worldwide, of which only 2.6 percent are in the United States.

So why didn't the sky fall? Was the problem overhyped? Were the emergency patches successful? Was it an April Fool's Day joke? Or is the main event still to come?

"More likely the 'it's hitting on April 1' is a misdirection -- a pay-no-attention-to-the-man-behind-the-curtain kind of deal," writes InfoWorld blogger Robert X. Cringely. "Because these days no self-respecting worm author would actually tell you when his baby was planning to strike."

Meanwhile, technology experts are carefully monitoring activity in the Senate, which is considering legislation that aims to tighten up Internet security in government and industry.

The bill would establish a new advisory office in the Executive Office of the President, propagate cybersecurity standards for the public and private sectors, and improve training and certification programs for cybersecurity.

Also, as Network World noted, the legislation would give President Obama the power to shut down Internet connections in the event of a "cybersecurity emergency."

Some security experts "don’t think such sweeping power is good news for anyone, including private networks that could be shut down by government order," writes Network World's John Fontana. "Those same networks would be subject to government mandated security standards and technical configurations."

Others are skeptical of the federal government's ability to improve Internet security through brute force. "Security is an attitude, and it's hard to legislate attitude," Brian Chess, founder and chief scientist at Fortify Software Inc., told Computerworld. "It has more to do with understanding the impact of insecure software on the organization."

Some FCW readers also have their doubts. "Whatever happened to the checks and balances that our Constitutional fathers envisioned?" one reader, signing himself as "Disgusted," commented on our April 1 Web story. "This is yet another example of a knee-jerk reaction by uninformed bureaucrats who are clueless about cybersecurity, yet fancy themselves to be experts because they personally use a Blackberry."

Another reader shared similar sentiments in more graphic terms: "Can you imagine what a disposable diaper would look like if you charged the government with developing it?"
