The Tribulations of Government IT
In less than a week, the media have carried two embarrassing reports about major incidents affecting US government agencies associated with national security.
Hitting various media sources in the last 24 hours was coverage of comments from senior US Defence officials regarding a successful network penetration that affected a low-security system, directly affecting approximately 1,500 email users. While exact details are a little sketchy, popular consensus based on the available reporting is that an unknown number of servers used to provide email capabilities were compromised via some means, and almost 1,500 accounts were temporarily suspended as system administrators investigated the issue.
This low-threat attack pales in comparison to a report that the Department of Homeland Security had its network security breached more than once a day on average over a two-year period. The breaches ranged from virus outbreaks to internal systems being used as hacker drop boxes (systems maintained for the sole purpose of storing and disseminating key files used in remote network attacks).
When the agency concerned is the one mandated to maintain and manage the Information Security needs of the United States, the apparently significant holes in its own network security really open up.
In defence of the DHS, with more than 180,000 employees, this rate of successful attack represents 0.004 attacks per employee over the two-year period. While not all employees will have routine access to a dedicated networked system, that number can be partially made up by server farms. Some other observers have suggested that it isn't DHS that is at fault, but the "security industry and standard methodologies" that have continued to fail.
Meanwhile, in the UK the head of the National Program for IT (NPfIT), an ambitious and mis-managed modernisation effort for the National Health Service, has stood down after ongoing public damnation of the troubled project. The UK government also came under fire for overspending on consulting work that appeared to have little practical benefit.
22 June 2007