Randy Vickers is the director of US-CERT, which reported that cyber attacks against federal websites and networks increased by almost 40 percent last year. (Federal Times)
Cyber attacks against federal websites and networks increased almost 40 percent last year, according to the Department of Homeland Security's U.S. Computer Emergency Readiness Team (US-CERT).
Federal agencies suffered 41,776 cyber attacks in 2010, up from 30,000 the previous year, according to data reported by the Department of Homeland Security's U.S. Computer Emergency Readiness Team (US-CERT).
Attackers continuously exploited vulnerabilities in applications and products that were unknown to agencies, and exploit code for those vulnerabilities was often made public, putting government and industry at greater risk.
Of the attacks reported last year, 12,864, or 31 percent, were classified as malicious code that infected federal networks. Unauthorized access to a network, denial-of-service attacks against users, improper usage, scans, probes and attempted access to networks — 17,546 incidents in all — made up 42 percent of the attacks. Another 11,336 incidents, or 27 percent, are under investigation or labeled as "other."

US-CERT is responsible for reporting and mitigating cyber threats against federal networks using the .gov domain. It also provides similar assistance to private-sector networks.

Randy Vickers, director of US-CERT, said in an interview that the increases in attacks being reported are the result of both more attacks and greater awareness of attacks.
"Does that mean the numbers are going up only because we're doing the right thing [in reporting more incidents]? No," he said. "The bad guy is doing more, as well, and so the hardest thing to do is take a number and say you saw an X percent increase strictly because the bad guy is doing it. Well, if we didn't have better detection, we wouldn't know the bad guy is doing it."
Last year, it took agencies an average of nine hours to decide if an abnormality was in fact a security breach of some kind.
Once a breach was detected, it took agencies another 20 hours to report it to US-CERT, according to federal data.
For incidents involving unauthorized access, agencies should report to US-CERT within an hour of detection. If malicious software is installed and not quarantined, agencies should report daily or within an hour of discovering widespread activity. Other incidents, such as scans or probes of an unclassified system, require monthly reporting.
Reporting lag times or lack of reporting altogether in some cases aren't the only challenges facing US-CERT. As defenders of the civilian infrastructure, which includes the private sector, US-CERT is also tasked with sharing information to help government and industry better protect themselves.
But companies are not required to provide US-CERT with maps or records of their infrastructure, Vickers said. He equated the task of defending private networks without a clear roadmap to current-day video games.
"There are some video games that the only way you see the map is you have to walk through it, but yet you never know that the bad guy could be coming from this spot over here because you hadn't walked through it. So this is kind of the same thing," he said.
Getting that information relies on building relationships with industry. Companies that were reluctant to share information before are now in communication with US-CERT, and the increase in partnerships is significant, Vickers said. The agency is improving metrics to measure its effectiveness in defending the .gov domain. In the first quarter of this fiscal year, it took US-CERT 3.5 hours to respond to a request for assistance.
Vickers said US-CERT is a growing agency trying to keep up with a mission and workload that is growing even faster. Three years ago, the agency had a staff of eight government employees and some 35 contractors and the task of coordinating responses to 13,029 cyber threats launched against public and private computer networks.
It was a daunting mission, "but we still were primarily focused on being a government CERT," he said.
Now the staff consists of 70 government workers and nearly 80 contractors. What was once a government-focused mission has grown to oversee both public and private networks.
Vickers has the potential to increase his staff by 60 percent over the next two years. That doesn't account for the budget stalemate in Congress, which has held agency budgets to 2010 levels since the beginning of the fiscal year. As his team grows, Vickers would like to further develop relationships with industry and governments.