Computer Crime Research Center

hack/hack34.jpg

U.S. agencies unprepared to fight hackers

Date: June 20, 2005
Source: COMPUTERWORLD
By: Jaikumar Vijayan

A majority of federal agencies appear to be unprepared to deal with emerging information security threats such as spyware, phishing and spam, according to a report released Monday by the U.S. Government Accountability Office (GAO). Adding to the problem is a lack of guidance on what exactly government agencies need to report when it comes to these threats, as well as how and to whom they should report such incidents.

As a result, "the federal government is limited in its ability to identify and respond to emerging cybersecurity threats, including sophisticated and coordinated attacks that target multiple federal entities," the 79-page report warned.

The GAO report is based on input from security executives at 24 major federal agencies and discusses potential threats, reported agency perception to these threats and efforts to address them.

According to the GAO, spam, phishing and spyware all pose potent and growing threats to the integrity of federal information systems. Phishing scams, for instance, can result in identity theft and loss of confidential information, the GAO said, adding that several agencies -- including the FBI and the Internal Revenue Service -- had already fallen victim to phishers.

Similarly, spyware programs threaten the integrity of federal systems because of their ability to monitor and reconfigure the systems they infect, the report said. "The blending of these threats creates additional risks that cannot be easily mitigated with currently available tools," the GAO said.

Even so, a majority of the agencies have not yet begun addressing these threats as part of the information security programs they are required to implement under the Federal Information Security Management Act of 2002.

In many instances, spyware, phishing and spam are not even considered security threats. For example, 19 of the 24 agencies reported productivity and bandwidth-related issues resulting from spam e-mail, while only one agency identified it as a potential security problem. Similarly, 17 of the 24 agencies reported that they had not assessed the risk posed to their networks by phishing. And reports provided by 20 agencies showed that all of those agencies lack a formal incident response plan for dealing with phishing and spyware.
Add comment  Email to a Friend

Discussion is closed - view comments archieve
2005-07-08 02:41:51 - Interesting comments, but I think perhaps... Chris Nielsen
2005-06-27 23:54:10 - The United States has sent industry... Rick Jones
Total 2 comments
Copyright © 2001-2024 Computer Crime Research Center
CCRC logo