29 Mar 11. The U.S. Defense Department has taken steps to prevent another massive leak of its classified information, a senior official told a Senate committee yesterday. Thousands of classified military documents were leaked and distributed into the Internet’s public forum last summer, prompting an immediate investigation from the top down. Officials since have singled out the weakest link in the department’s security chain, and begun a checks-and-balances system to stem the flood of the critical defense data, Teresa M. Takai, chief information officer and acting assistant secretary of defense for networks and information integration, told the Senate Homeland Security and Government Affairs Committee yesterday.
“The department immediately began working to address the findings and improve its overall security posture to mitigate the possibility of another similar type of disclosure,” she said.
Takai told Senate members that Defense Secretary Robert M. Gates immediately called for two internal studies to review the department’s information security policy and to unveil how classified information is handled in forward-deployed areas. The results showed that forward-deployed units had an “over-reliance” on using removable electronic storage media, Takai said.
Responsibilities needed to be better defined to detect and handle insider threats, she said, and methods to monitor user behavior on classified computer networks were limited. To get control of the vulnerabilities, the department has disabled the ability to copy data from nearly 90 percent of its classified computers, Takai said. The rest of the classified computers were left intact to write removable media for operational reasons, she explained, but only under strict controls. Takai told the committee that more work is coming to prevent stolen data, and a project is under way with the Office of the National Counterintelligence Executive to add an information technology insider detection capability and insider threat program. The Defense Department is working on a Web-enabled information security training to accompany the department’s mandatory annual information assurance training, she said, and plans also exist for an oversight program for inspections in forward-deployed areas.
“We will strive to implement the mechanisms necessary to protect the intelligence information without reverting back to pre-9/11 stovepipes,” Takai said. “The department continues to work toward a resilient information-sharing environment,” she added, “that is secured through both technological solutions and comprehensive policies.” (Source: ASD Network)
24 Mar 11. Government agencies saw a sharp rise over the past fiscal year in cyber incidents, which increased by 39 percent over 2009, according to an annual report by the Office of Management and Budget. Thirty-one percent of those incidents were malicious code attacks. OMB’s annual report on implementation of the Federal Information Security Management Act of 2002 reported 41,776 federal incidents across 24 agencies in 2010, compared to 30,000 incidents in 2009. “Malicious code through multiple means (e.g., phishing, virus, logic bomb) continues to be the most widely used attack approach,” the report states. In addition to malicious code, nearly 14 percent involved unauthorized access, 18 percent improper usage and 27 percent are listed as under investigation/other. Eleven percent involved scans, probes and attempted access and 0.1 percent were denial-of-service attacks. The U.S. Computer Emergency Readiness Team (US-CERT) compiled incidents from federal, state and local governments, commercial enterprises, U.S. citizens and foreign CERT teams. In 2010, the agency received a total of 107,439 reports and 108,710 in 2009. (Source: GCN)
Mar 11. Measures against hacking would be a priority topic at a conference for chief information officers (CIOs), an antivirus company said on Monday. David Jacoby of Kaspersky Lab said that businesses were sp