It is no secret that government agencies are prime targets for cyber criminals. From attacks by “hacktivist” groups like Anonymous and LulzSec to rogue nations seeking access to top-secret information, the threat level is very high and government agencies are right in the crosshairs.
Unfortunately, many agencies are ill prepared to deal with these new and emerging threats. A recent report by the Government Accountability Office (GAO) found that information security incidents at 24 federal agencies have increased more than 600 percent during the last five years due to a combination of more numerous threats and persistent shortcomings in security controls.
The most alarming finding of the report is that these agencies lack proper security controls. As we have highlighted before, hackers will continue to probe for vulnerabilities in order to embarrass the agencies it attacks and disrupt productivity, as well as gain access to sensitive information. Agencies simply have too much to lose by not implementing the right security controls and solutions.
In addition, President Obama just signed an Executive Order (EO) that calls for the responsible sharing and safeguarding of classified information on computer networks. While not every agency deals with top-secret information that would be ideal fodder for Wikipedia, this EO reinforces that all agencies must take the right steps to effectively secure their data.
Speaking of top-secret data, the IT system that controls the Predator and Reaper drones – critical components to our military efforts abroad – have been infected by a virus that logs pilots’ every keystroke as they remotely fly missions over Afghanistan and other war zones. Clearly this breach is a sign that cyber criminals can compromise the most seemingly impervious military systems.
And, Senator Tom Carper (D. Del) summed it all up perfectly in the Federal Computer Week article we cited earlier: “Federal agencies need to fully implement meaningful security programs that can withstand the serious cyber challenges we face today and will face for the foreseeable future, and they need the proper oversight and guidance to accomplish that goal. It is clear more steps need to be taken to enhance the federal government’s information security.”